Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backup Errors on Start Up


  • This topic is locked This topic is locked
3 replies to this topic

#1 absolutelyangi

absolutelyangi

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gaithersburg, MD USA
  • Local time:07:38 AM

Posted 13 November 2010 - 04:26 PM

OS Version: Microsoft® Windows Vista™ Business , Service Pack 2, 32 bit
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz, x64 Family 6 Model 15 Stepping 11
Processor Count: 4
RAM: 3069 Mb
Graphics Card: ATI Radeon HD 2600 XT, 256 Mb
Hard Drives: C: Total - 476898 MB, Free - 380422 MB; J: Total - 476937 MB, Free - 400707 MB;
Motherboard: Dell Inc., 0FM586, , ..CN736048B800IW.
Antivirus: Kaspersky Internet Security, Updated and Enabled
-------------------------

Can anyone please help me?
I am receiving Backup Errors.

I went to Windows Answers, but everytime I go there and click on an
answer, it pops up a new blank IE page.

-------------------------
I made a complete backup of my system on Friday, 11/12/2010.
-------------------------
Then I
upgraded from Office Home and Student 2007 to 2010.
Played around with the settings in Word, made a document, printed it.

Then I got a Windows Update icon in my tray. It was all the Office updates.
So I ran the updates.
-------------------------
Later I played with Paint Shop Pro v7 and made some graphics for my Garmin.

I read some emails, then I went to a couple of websites, played a game of Windows Mahjong
on my computer, then went to bed.

Then I shut down my computer.
-------------------------
This morning when I turned my computer I received these 2 errors.

A backup error window popped up and said:

An error occurred when checking the status of the last automatic backup.
This service cannot be started, either because it is disabled or because it
has no enabled devices associated with it. (0x80070422)
Verify the status of your backup.

Posted Image

When I clicked the OK button, a new error window popped up and said:

The backup applicaton could not start due to an internal error:
The service cannot be started, either because it is disabled or because it
has no enabled devices associated with it. (0x80070422)
Please check your system configuration and try again.
Then I clicked OK to get rid of the window.

Posted Image

So then I went to Start and clicked on
Backup and Restore center.
It showed that my last complete system backup was 11/12/2010.

So then I clicked on Repair Windows using Sysem Restore.

Got another popup that said:

System Restore
Restore system files and settings
(a big red X in a circle) No restore points have been created on your computer's system disk.
To create a restore point, open System Protection.

Posted Image
System Restore Popup


So I clicked on System Protection and this is what it said:

System Protection Popup

Under Available Disks, Most recent restore point it says:

(checkmark)Local Disk (System) None
(checkmark)My Book (System) None

Then it says I can Create one.
Posted Image

WHERE DID ALL MY BACKUPS GO?
-------------------------

So then I thought, well maybe I picked up a Virus from one of the sites I went to last night.
I then ran a Quick Scan, Objects Scan and Full Scan, with Kaspersky Internet Secury 2010,
it showed no virus.
-------------------------
Then I ran MalwareBytes Anti-Malware v1.46, it came back clean.
-------------------------
Then I ran SpyBot S&D v1.6.2 and it came back with the following:

--- Search result list ---
Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-4177446813-1630362083-2170439051-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

I did not let SpyBot fix this, because I have no clue what it is.
-------------------------
Then I opened HiJackThis v2.02 and ran a scan, because when I downloaded the final freeware v.2.04
my system would not let me run the file, another error popup. *sigh* HJT did not have anything checked,
so I just saved the log file.
-------------------------

I ran Defogger and it disabled my CD Emulation Software

-------------------------

I ran DDS, Here is the log file:


DDS (Ver_10-11-10.01) - NTFSx86
Run by Angi at 3:01:48.02 on Sun 11/14/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3069.1755 [GMT -5:00]


SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Stardock\CursorXP\CursorXP.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Angi\Desktop\Bleeping Computer\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {d1e06b91-60e6-4492-af9f-53043fa32716} - No File
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [AutoSizer] "c:\program files\autosizer\AutoSizer.exe"
uRun: [CursorXP] c:\program files\stardock\cursorxp\CursorXP.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
StartupFolder: c:\users\angi\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: garmin.com\www
Trusted Zone: microsoft.com\social.answers
Trusted Zone: sandyspringbank.com\www
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxps://www.marylandsail.org/Reserved.ReportViewerWebControl.axd?ReportSession=io5lzjz4u3lig445iretcoqf&ControlID=b8d512020ae94b66b4035606222a53a9&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: klogon - c:\windows\system32\klogon.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\mcpcore.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\program files\stardock\object desktop\deskscapes\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\program files\stardock\object desktop\deskscapes\DesktopControlPanel.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\program files\stardock\object desktop\deskscapes\DreamControl.dll
Hosts: 127.0.0.1 www.spywareinfo.com


============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-15 1153368]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-12 20952]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2008-10-8 3328]
S4 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-12 304464]
S4 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]


=============== Created Last 30 ================

2010-11-12 17:32:07 -------- d-----w- c:\windows\PCHEALTH
2010-11-12 17:27:53 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-10 03:11:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-10-27 13:03:56 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-10-27 13:03:56 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-10-27 13:03:08 -------- d-----w- c:\program files\Kaspersky Lab
2010-10-27 13:03:08 -------- d-----w- c:\progra~2\Kaspersky Lab
2010-10-27 12:59:14 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2010-10-26 19:28:22 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 19:28:22 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 19:28:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 20:06:45 -------- d-----w- c:\users\angi\appdata\roaming\AI Internet Solutions
2010-10-22 19:56:56 -------- d-----w- c:\program files\HTMLValidatorLite100
2010-10-21 17:40:37 -------- d-----w- c:\program files\Avery
2010-10-21 17:33:43 -------- d-----w- c:\program files\Avery Dennison(0)
2010-10-18 22:04:12 -------- d-----w- c:\users\angi\appdata\roaming\Jasc
2010-10-17 23:03:11 -------- d-----w- c:\windows\system32\%APPDATA%
2010-10-15 19:28:32 -------- d-----w- c:\program files\Spybot - Search & Destroy


==================== Find3M ====================

2010-11-08 19:51:51 103720 ----a-w- c:\users\angi\GoToAssistDownloadHelper.exe
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07:35 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23:27 389632 ----a-w- c:\windows\system32\html.iec
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe


============= FINISH: 3:02:49.69 ===============


-------------------------

When I ran GMER, I unchecked what you showed, then I clicked on Scan, it went for about a minute then I got a popup saying the program has stopped working and will now close.

Problem signature

Problem Event Name: APPCRASH

Application Name: gmer.exe

Application Version: 1.0.15.15530

Application Timestamp: 4cd7c3b7

Fault Module Name: gmer.exe

Fault Module Version: 1.0.15.15530

Fault Module Timestamp: 4cd7c3b7

Exception Code: c0000005

Exception Offset: 0000c551

OS Version: 6.0.6002.2.2.0.256.6

Locale ID: 1033

Additional Information 1: 4254

Additional Information 2: fe2c75f8e1cb8e4ac132f386ef457bf0

Additional Information 3: c7a6

Additional Information 4: c9e70a773be29bf065b64bebac22265b

-------------------------

I have also attached my Spybot report as well as my HJT report.

Any help would be truly appreciated.

Angi

Attached Files


Edited by absolutelyangi, 14 November 2010 - 03:58 AM.
Moved to log forum. ~ OB

I hope you have a great day today and an even better day tomorrow! :-)
Click on my banner to visit my site some day when you're bored! LOL!


Posted Image


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,815 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:38 PM

Posted 22 November 2010 - 07:33 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 absolutelyangi

absolutelyangi
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Gaithersburg, MD USA
  • Local time:07:38 AM

Posted 22 November 2010 - 10:08 AM

Thanks Elise,

I'm sorry I forgot to post back that I have solved this problem. It was a .NET Framework problem. A microsoft tech came on my computer remotely and got my system running back to normal. Thanks so much for being available to help me, and others like me. You people on this site are fantastic! :clapping:

Angi

I hope you have a great day today and an even better day tomorrow! :-)
Click on my banner to visit my site some day when you're bored! LOL!


Posted Image


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,815 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:38 PM

Posted 22 November 2010 - 10:38 AM

Thank you for letting me know Angi. I'm glad to hear you got it fixed. :)

I will now close this topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users