mowman

Hello, Welcome. My name is mowman, and I will be helping you fix your problems. If you do not make a reply in 3 days, we will have to close your topic. You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page. Please take note of some guidelines for this fix: •Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. •If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. •Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. •Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools See this Link for programs that need to be disabled and instruction on how to disable them. Remember to re-enable them when we're done. Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections. NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error

Please download AdwCleaner from here and save it to your desktop. Right click on AdwCleaner.exe and click "Run as Administrator" to run the tool. Click on Delete. A logfile will automatically open after the scan has finished. Please post the content of that logfile in your reply. You can find the logfile at C:\AdwCleaner[Rn].txt as well - (n is the scan number.) Please open your MalwareBytes AntiMalware Program Click the Update Tab and search for updates If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. <-- very important When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Next ESET Online Scanner I'd like us to scan your machine with ESET Online Scan Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs. Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on to download the ESET Smart Installer. Save it to your desktop. Double click on the icon on your desktop. Check Click the Start button. Accept any security warnings from your browser. Check Make sure that the option "Remove found threats" is not checked Push the Start button. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the Back button. Push Finish http://www.eset.com/onlinescan/ Also tell me how the computer is running now.

Download Combofix from either of the links below, and save it to your desktop. Link 1 Link 2 **Note: It is important that it is saved directly to your desktop** -------------------------------------------------------------------- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here -------------------------------------------------------------------- Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt for further review. NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error

Hello, Welcome My name is mowman, and I will be helping you fix your problems. If you do not make a reply in 3 days, we will have to close your topic. You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page. Please take note of some guidelines for this fix: •Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix. •If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken. •Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. •Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post Please download TDSSKiller.zip Extract it to your desktop Double click TDSSKiller.exe Press Start Scan Only if Malicious objects are found then ensure Cure is selected If suspicious objects are found select skip Then click Continue > Reboot now [*]Copy and paste the log in your next reply A copy of the log will be saved automatically to the root of the drive (typically C:\) Please download DDS by sUBs from one of the following links and save it to your desktop. DDS.scr DDS.pif [*]Disable any script blocking protection (How to Disable your Security Programs) [*]Double click DDS icon to run the tool (may take up to 3 minutes to run) [*]When done, DDS.txt will open. [*]After a few moments, attach.txt will open in a second window. [*]Save both reports to your desktop. --------------------------------------------------- Post the contents of the DDS.txt and Attach.txt in your next reply

Well its been 4 days since i did the system recovery and so far so good.No startup problems. I still dont understand why restoring it back to a time when it didnt work properly would fix it but hey who cares as long as is working who cares. I hope it stays like this because i really dont want to go through all these reinstalls and updates again.

I was actually thinking of a DESTRUCTIVE RESTORE though you probably didnt mean a sledgehammer like i planned to use. Ah well here goes nothing

I sent a reply to HP asking this and will see what they come back with.If they still suggest it i will give it a go. It seems quite easy to do even for me.I dont really need to back up any files as i mainly use it for playing poker and just general surfing. Is there anything else i would need to know before proceeding?

There is no issue with the Total Security rogue.I have read enough about it to know what to do when one of them tries it on.Thanks for the reply though

Hi guys a bit of an update and another question. I decided against taking it back straight away as they were useless last time so i contacted hp support by email.Told them the problems and demanded they do something about it as it is still under warranty.Also threatened to refer them to the office of fair trading here in uk. I just got a reply telling me to do a restore back to factory settings using recovery manager.Do you think this will be worth it as it was rubbish the day i bought it and will i not be restoring it back to a time when it didnt work properly. PS.I wanted to get a weather report for the Brazillian Grand Prix in Sao Paolo earlier so i went to a seemingly safe website for the report and got attacked by the rogue av Total Security.Luckily i shut it down quickly enough and all scans were clean.This is my first pc and with the luck i am having it may well be ny last LOL.

I will try and get it repaired but i wont hold my breath as last time they refused to do anything. Thanks for your help guys.

I got chkdsk to run today through windows explorer.I dont think it found anything but it did not really give me time to read everything at the end before it restarted. Strangely today i have had no black section at log in screen on both boot ups

This laptop came with vista pre-installed so have never had a disc. Something new is happening now.Although it is booting ok at the moment,when the login screen appears the bottom third of the page is black for a second or so with a bit of distortion at the top of the black bit.The other day i got some weird pixelation instead of this.This has only happened since i set up tha admin account although i cant see what difference that would make.Maybe it is something to do with the 6 manual shutdowns i had to do when it wouldnt boot the other day.

ok so i ran sfscan /scannow and all was fine-no integrity violations. But then i ran chkdsk /f.it said cannot run until reboot y/n so i typed y and it said it will start at next bootup. So i exited and restarted but it started up as normal-no chkdsk. I am guessing i did something wrong again but i really cant work out what.

The problem with booting up has been present since the day i bought it.When i first set it up and installed the windows updates and selected restart as it told me to it got stuck. It has continued to do this off and on for 9 months since.I got onto hp about this and they told me to take it back to pc world for repair. However as i had waited for about 3 months to do this pc world said it was a software problem and this was not covered by warranty after 30 days. Now i have figured out that it fails to start shortly after windows updates so i have set it to never check for updates and hope this will prevent further startup problems

Everything seemed to go well that time.I now have 2 accounts on this pc.My original one and now an account called administrator. So hopefully now if i ever do need system recovery or something similar i will be ok with the new password. Thanks swagger for your excellent and speedy help

hi swagger thanks for the extremely quick reply i tried to follow the instructions but when i typed in net user administrator / active:yes it said / is unknown i probably did something wrong but i'm not sure what

since new i have had startup problems with this laptop.it gets stuck on microsoft loading screen and i have to manually turn off with power button. usually it then goes to startup repair then does system restore and it boots ok next time. this time though system restore didnt word and it took six attempts to startup. one option it gave me was to look at system recovery which i tried to do.it asked me for the admin password so i entered my login password which is the only one ever used on the only account ever used on this pc. it said admin rights disabled contact your administrator.contact myself? any ideas on how to access admin rights please