dudeperfect
New Member
Maybe someone know how to fix this. It has started few weeks ago, I have no idea why, HDD light turns on and stays on forever, of course until restart. It also freezes my pc, even a cursor.
HDD Light Always On
- Thread starter dudeperfect
- Start date
dudeperfect
New Member
Even in the normal mode it is not always happening. I will try to scan pc for that boot virus.
Do the following.
1.
Please download and run TDSSkiller
When the program opens, click on the start scan button.
TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.
After trying to clean them it will pop up with the results of the scan and its actions.
Please reboot the system if asked to do so.
After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
Please open the log and copy and paste it back here.
2.
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.
EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE
But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.
Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.
Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.
Click Do a system scan and save a logfile
Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.
When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.
Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
1.
Please download and run TDSSkiller
When the program opens, click on the start scan button.
TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.
To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.
After trying to clean them it will pop up with the results of the scan and its actions.
Please reboot the system if asked to do so.
After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
Please open the log and copy and paste it back here.
2.
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware
If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.
EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE
But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.
Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.
Vista and Windows 7 users must right click on the hijackthis icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.
Click Do a system scan and save a logfile
Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.
When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.
Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
dudeperfect
New Member
That kaspersky scanner found nothing. Malware scanner found 36 problems. All deleted. It asks me for rebooting. Can I do that? And that last hijack program doesn't work. it shows errors while installing.
dudeperfect
New Member
The installer has encountered an unexpected error. This may indicate a problem with this package. The error code is 2908.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.26.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tomas :: TOMAS-8F0FB0721 [administrator]
Protection: Enabled
2013.07.26 20:06:01
mbam-log-2013-07-26 (20-06-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368723
Time elapsed: 11 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 9
HKCR\CLSID\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} (PUP.DealPly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66} (PUP.DealPly) -> Quarantined and deleted successfully.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\CLSID\{dedbb410-30bd-5eb4-8555-c0ee0936e592} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=fd1c08a0-f776-11e1-8026-001e7385ce1f) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 4
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\data (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
Files Detected: 22
C:\Program Files\DealPly\DealPlyIE.dll (PUP.DealPly) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tomas\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tomas\My Documents\Downloads\setup (1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-823518204-1326574676-1801674531-1003\Dc33.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\ICReinstall_setup (1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\background.html (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\ogoleeggkanglbaeoblbainoglldjefi.crx (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\settings.ini (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\data\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\data\jsondb.js (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.26.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tomas :: TOMAS-8F0FB0721 [administrator]
Protection: Enabled
2013.07.26 20:06:01
mbam-log-2013-07-26 (20-06-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368723
Time elapsed: 11 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 9
HKCR\CLSID\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} (PUP.DealPly) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66} (PUP.DealPly) -> Quarantined and deleted successfully.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCR\CLSID\{dedbb410-30bd-5eb4-8555-c0ee0936e592} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=fd1c08a0-f776-11e1-8026-001e7385ce1f) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 4
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\data (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
Files Detected: 22
C:\Program Files\DealPly\DealPlyIE.dll (PUP.DealPly) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tomas\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tomas\My Documents\Downloads\setup (1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-823518204-1326574676-1801674531-1003\Dc33.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tomas\Local Settings\Temp\ICReinstall_setup (1).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\background.html (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\ogoleeggkanglbaeoblbainoglldjefi.crx (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\settings.ini (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\data\content.js (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Application Data\wxDfast\data\jsondb.js (PUP.wxDfast) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
(end)
dudeperfect
New Member
The next error popup:
Could not open key:
UNKNOWN/Components/a lot of numbers
Verify that u have sufficient access to that key or contact your support personel.
Could not open key:
UNKNOWN/Components/a lot of numbers
Verify that u have sufficient access to that key or contact your support personel.
Ok, lets continue scanning. Please do these in order.
1.
Please download AdwCleaner by Xplode onto your Desktop.
•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with OK
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
2.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.
In your next reply please post:
1.
Please download AdwCleaner by Xplode onto your Desktop.
•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with OK
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
2.
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
- Download this file here :
Combofix
- When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
- Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
- We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
- Close all open Windows including this one.
- Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
- Please click on I agree on the disclaimer window.
- ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
- ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
- Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
- At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
- Please click on yes in the next window to continue scanning for malware.
- ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
- ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
- While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
- When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
- This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
- When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
- Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.
If for some reason, if you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.
In your next reply please post:
- The ComboFix log
- A fresh HiJackThis log
- An update on how your computer is running
dudeperfect
New Member
Can I reboot now? After malwarebyte scan? before doing these?
dudeperfect
New Member
ADWCleaner log file:
dudeperfect
New Member
Ok, I'm doing this now.
dudeperfect
New Member
Please run this special combofix script.
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
I also want to see a list of what programs you have installed. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt Open that file and copy and paste the contents back here.
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box
Code:
File::
c:\windows.0\system32\SET129.TMP
c:\windows.0\system32\SET128.TMP
c:\windows.0\system32\SET127.TMP
c:\windows.0\system32\SET126.TMP
c:\windows.0\system32\SET121.TMP
c:\windows.0\system32\SET11F.TMP
c:\windows.0\system32\SET11D.TMP
c:\windows.0\system32\SET11B.TMP
c:\windows.0\system32\SET119.TMP
c:\windows.0\system32\drivers\SET115.TMP
Driver::
dealplylive
dealplylivem3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
I also want to see a list of what programs you have installed. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt Open that file and copy and paste the contents back here.
dudeperfect
New Member
Please run this special combofix script.
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box
Code:File:: c:\windows.0\system32\SET129.TMP c:\windows.0\system32\SET128.TMP c:\windows.0\system32\SET127.TMP c:\windows.0\system32\SET126.TMP c:\windows.0\system32\SET121.TMP c:\windows.0\system32\SET11F.TMP c:\windows.0\system32\SET11D.TMP c:\windows.0\system32\SET11B.TMP c:\windows.0\system32\SET119.TMP c:\windows.0\system32\drivers\SET115.TMP Driver:: dealplylive dealplylivem
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
I also want to see a list of what programs you have installed. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt Open that file and copy and paste the contents back here.
Ok. Here is log file:
And here is programs:
I would suggest uninstalling the following programs if you don't need them.
Adobe Acrobat 5.0 - old and outdated. newer version available.
BitComet 1.34 - using torrents can get you infected.
Java Media Framework 2.1.1e
Java SE Development Kit 7 Update 13
Java SE Development Kit 7 Update 5
JavaFX 2.2.7
JavaFX 2.2.7 SDK
The latest version of java is version 7 update 25, which you have installed. If you don't need the developement kits or the fx series then uninstall them.
I do notice that you have a dual boot selection of 2 windows xp operating systems. Any particular reason? Is one bad?
Adobe Acrobat 5.0 - old and outdated. newer version available.
BitComet 1.34 - using torrents can get you infected.
Java Media Framework 2.1.1e
Java SE Development Kit 7 Update 13
Java SE Development Kit 7 Update 5
JavaFX 2.2.7
JavaFX 2.2.7 SDK
The latest version of java is version 7 update 25, which you have installed. If you don't need the developement kits or the fx series then uninstall them.
I do notice that you have a dual boot selection of 2 windows xp operating systems. Any particular reason? Is one bad?
dudeperfect
New Member
Yes. I tried manually to reinstall windows few years ago. Someone seems went wrong.
I'm Java programmer a bit, so that's why im using those JDK. So, everything is good now?
When you reinstalled windows you did a parallel(dual boot) install. I would definately think about upgrading to windows 7 if your machine can handle it. You should run the windows 7 upgrade advisor to see if there are any issues. When you do a fresh install you didn't delete the existing partitions and repartition. XP's support ends in April 2014, which means there will be no more security updates.
You really should do a fresh install but I would wait until you could get windows 7 if your machine can handle it. How much system ram is installed?
Other than that, don't see any more issues. Let me know if the hdd light still stays on.
You really should do a fresh install but I would wait until you could get windows 7 if your machine can handle it. How much system ram is installed?
Other than that, don't see any more issues. Let me know if the hdd light still stays on.
