
Major crashes, anti-virus won't work, black screens, help! [So


  • This topic is locked
169 replies to this topic

#61 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 June 2013 - 11:55 PM

Hi CoolCat,

Is the DDS log a .txt file? If so just copy and paste it in your reply.

If it's not a .txt file, what is the file extension?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.



#62 OCD


Posted 18 June 2013 - 11:31 PM

Hi CoolCat,

Just checking in to see if you still need help?


#63 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 19 June 2013 - 05:46 AM

Sorry for the delay. The dds file is not a text file. I right clicked it and looked at properties and it says "Screen Saver (.scr)". Also, there are several aswMBR files in that folder and a tdsskiller, TFC which is a .exe file and I have no clue how that got in there, either. Also another OTL icon and another called PSISetup and I don't need nor want any of these if I don't have to have them to operate the computer. Thank you, again!!

#64 OCD


Posted 19 June 2013 - 04:07 PM

Hi CoolCat,

The dds.scr file is actually the dds program I had you run. All of these files can be removed. The PSISetup file is for Secunia Personal Software Inspector. The program is used to help you keep your programs updated. It is not critical to the functioning of your computer but is helpful in keeping your software up to date.


#65 OCD


Posted 22 June 2013 - 07:10 AM

Hi CoolCat, Any other questions?


#66 CoolCat


Posted 23 June 2013 - 03:55 AM

Hi OCD,

I am still experiencing problems. The computer has been running very slow which may be the Comodo firewall but I am not sure. I deleted all the programs I mentioned to you, including the dds file and when I looked a few hours ago, it was all back in the same folder, even though I deleted them.

Last night I had rebooted and when I did, the computer did its usual thing and connected, immediately, via the router or a router, instead of the cable box, and I started to switch it when Avira popped up with a trojan warning and an IP address that it said had just connected to my computer. I ran that address and found it to also come from Mediacom, my ISP but the location is showing about a mile away from our house. I denied access to the trojan and this is the message that had popped onto the Avira screen.

Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'detected in file 'C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE.
Action performed: Deny access

I am still running the anti-virus after 3+ hours of scanning and so far, so good but I won't hold my breath until it's done. I was going to run Malwarebytes, first and found it missing!!!

Saturday evening, I went to reboot and for the 2nd time in 2 days, the icon that shows internet connections available to me, that show in the system tray (i.e. the router vs the cable and all the other connections in the neighborhood) was missing from the system tray. Not wanting to sign on with the router (and I am not sure whose router it is that is showing up) so I rebooted and when I did, I got an error that Windows couldn't boot up and I should run a Windows Recovery program that was showing on the screen. This was or is a DOS screen so I trusted it. I ran it and it was taking a long time so I got up to go over to the sink and don't you know, it finished while I was away from the computer and as soon as I walked up to the screen, it popped off the screen so I couldn't see what it said. :wall:

The computer booted back up and things ran much better, but like I said, Malwarebytes is now missing and who knows what else plus all those programs or the icons for them are back, including the dds file. I am about to tear my hair out, now. I have never had so much trouble cleaning up a mess with a computer before and if you go back and read (I know you can't possibly spend that much time) you would see I have used this site for years and cleaned many different computers, including an old, old one that was badly infected and belonged to my son and is Win98, plus my others that were Win98, XP and now Vista. I just have never seen such a mess before. :blink:

#67 OCD


Posted 23 June 2013 - 07:35 AM

Hi CoolCat,

  • What is the make and model of the computer?
  • Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'detected in file 'C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE. -- Here is the file information : LManager QtZgAcer.EXE Related to Acer inc. Part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language - User's choice! Note: Located in \%Program Files%\Launch Manager\
  • How was your computer connected to the Internet before all these connection issues? What components were used? (i.e. cable box, router)
  • When you ran the Windows Recovery step it probably rolled back your system to before you removed those files. You can just go ahead and remove them again.
  • As for Malwarebytes', just re-download it and run a scan.
Unfortunately, when we make changes to our computers or network sometimes we run into conflicts that we didn't encounter before. But I will do my best to get you back up and running as before.


#68 CoolCat


Posted 23 June 2013 - 07:12 PM

Hi CoolCat,

  • What is the make and model of the computer?
  • Virus or unwanted program 'TR/Crypt.XPACK.Gen2 [trojan]'detected in file 'C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE. -- Here is the file information : LManager QtZgAcer.EXE Related to Acer inc. Part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language - User's choice! Note: Located in \%Program Files%\Launch Manager\
  • How was your computer connected to the Internet before all these connection issues? What components were used? (i.e. cable box, router)
  • When you ran the Windows Recovery step it probably rolled back your system to before you removed those files. You can just go ahead and remove them again.
  • As for Malwarebytes', just re-download it and run a scan.
Unfortunately, when we make changes to our computers or network sometimes we run into conflicts that we didn't encounter before. But I will do my best to get you back up and running as before.

Hi OCD,

This is an Acer Aspire, 6930 laptop.

The computer was connecting right through the cable box, apparently, as that connection has a name and now it automatically connects via a linksys router, until I manually switch it. So as soon as it boots up, it automatically connects through that router. I don't know if that is our router or someone else's in the neighborhood. I can see 17 connections at this time, meaning 17 people's internet access, including ours and the router. Most if not all of the others say they are security enabled networks but the router does not. If it is our router I am seeing, there is nothing I can do to change the router set-up, itself, due to my son's connection to xbox live as that is the way xbox and microsoft has had him set it up. Our connection is very bad as it is and if the router is not set up the way he has it, he cannot connect and play.

Yes, you are probably right about the windows recovery causing some of these things, if not all, to appear or disappear because I recall it saying it may remove programs that were newly installed and I believe I did delete Malwarebytes and download a new copy. Sorry about that - there is just so much!! And after the computer booted up, there were 5 Windows or computer updates that immediately started loading or downloading, then they had to be installed by the computer.

Ok, so what do I need to do, other than delete the programs, again, and download another copy of Malwarebytes?

Thank you!!

#69 OCD


Posted 23 June 2013 - 10:08 PM

Hi CoolCat,

Since you appear to be able to connect to the Internet with the way your son has it set up for his gaming I would tend to believe that you are connecting through your own router. Does your Internet connection say it has Security Enabled next to it in the list? If so then you should be just fine. Just keep your Anti-Virus up to date and keep your Firewall enabled.

Other than that you should be good to go. We covered all the clean up steps earlier.

Just a word of note; other online activities might be reduced during the times when your son is actively gaming.

If you have any other questions let me know. Otherwise please reply back once more and let me know you are OK so I can close the thread.


#70 OCD


Posted 26 June 2013 - 09:58 PM

Hi CoolCat, Do you still require assistance?


#71 CoolCat


Posted 27 June 2013 - 04:47 AM

Hi CoolCat,

Since you appear to be able to connect to the Internet with the way your son has it set up for his gaming I would tend to believe that you are connecting through your own router. Does your Internet connection say it has Security Enabled next to it in the list? If so then you should be just fine. Just keep your Anti-Virus up to date and keep your Firewall enabled.

Other than that you should be good to go. We covered all the clean up steps earlier.

Just a word of note; other online activities might be reduced during the times when your son is actively gaming.

If you have any other questions let me know. Otherwise please reply back once more and let me know you are OK so I can close the thread.

When it connects through the router, it says it's an unsecured network. When it connects through the cable connection name, it says it's a secure connection.

The computer crashed again and I had to do another Windows recovery. This is the 2nd time this has happened this week and the only time it's ever happened so I don't know what would be causing this. I shut it down like I always do and got that same message when I rebooted and had to go through the recovery process, again.

I also keep getting this error and have to keep reloading pages, over and over and I never had this message or problem happen before, either.


RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) has crashed.

Edited by CoolCat, 27 June 2013 - 04:52 AM.


#72 OCD


Posted 27 June 2013 - 04:50 PM

Hi CoolCat,

When it connects through the router, it says it's an unsecured network. When it connects through the cable connection name, it says it's a secure connection.


Be sure to always use the secure connection.

=========================

1. Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "chkdsk /r" (make note of the space between chkdsk and /)
=========================

To view results log:
  • Open the Start Menu, and type eventvwr.msc in the search box and press enter.
  • If prompted by UAC, then click on Yes (Windows 7) or Continue (Vista).
  • In the left pane of Event Viewer, double click on Windows Logs to expand it, then right click on Application and click on Find.
  • Copy and paste Chkdsk into the line, and click on Find Next.
  • You will now see the system log for the scan results of Check Disk (chkdsk).
  • In the right-hand menu select copy, open notepad and paste the chkdsk results into notepad.
  • Post in your next reply.
=========================

I also keep getting this error and have to keep reloading pages, over and over and I never had this message or problem happen before, either.
RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) has crashed.

Which browser does this error occur in?

=========================

In your next post please provide the following:
  • chkdsk results
  • RealNetworks Plug-In answer



#73 CoolCat


Posted 28 June 2013 - 05:41 AM

There were all kinds of logs in the event viewer that showed up. I did not see one single log that said System Log but there is another place I could click down below called Event so I looked at that and it seems it could be what you are talking about so I copied it. Here is that. And I am using Chrome as the browser and have read to disable the pepperflash in there. However, if I do that, then no video copying, correct?

+ System
  - Provider
    [ Name] Microsoft-Windows-Wininit
    [ Guid] {206f6dea-d3c5-4d10-bc72-989f03c8b84b}
    [ EventSourceName] Wininit
  - EventID 1001
    [ Qualifiers] 16384
  Version 0
  Level 4
  Task 0
  Opcode 0
  Keywords 0x80000000000000
  - TimeCreated
    [ SystemTime] 2013-06-28T11:12:43.000Z
  EventRecordID 137229
  Correlation
  - Execution
    [ ProcessID] 0
    [ ThreadID] 0
  Channel Application
  Computer Arwen
  Security
- EventData
  Checking file system on C:
  The type of the file system is NTFS.
  Volume label is ACER.
  A disk check has been scheduled.
  Windows will now check the disk.
  252032 file records processed.
  1939 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  43 reparse records processed.
  335092 index entries processed.
  0 unindexed files processed.
  252032 security descriptors processed.
  Cleaning up 487 unused index entries from index $SII of file 0x9.
  Cleaning up 487 unused index entries from index $SDH of file 0x9.
  Cleaning up 487 unused security descriptors.
  41531 data files processed.
  CHKDSK is verifying Usn Journal...
  35969632 USN bytes processed.
  Usn Journal verification completed.
  CHKDSK is verifying file data (stage 4 of 5)...
  252016 files processed.
  File data verification completed.
  CHKDSK is verifying free space (stage 5 of 5)...
  13632363 free clusters processed.
  Free space verification is complete.
  Windows has checked the file system and found no problems.
  149992447 KB total disk space.
  94968828 KB in 195535 files.
  123724 KB in 41532 indexes.
  4 KB in bad sectors.
  370439 KB in use by the system.
  65536 KB occupied by the log file.
  54529452 KB available on disk.
  4096 bytes in each allocation unit.
  37498111 total allocation units on disk.
  13632363 allocation units available on disk.
  Internal Info:
  80 d8 03 00 17 9e 03 00 59 6b 06 00 00 00 00 00 ........Yk......
  db 75 00 00 2b 00 00 00 00 00 00 00 00 00 00 00 .u..+...........
  30 c7 04 77 00 00 00 00 50 23 d5 ff 00 00 00 00 0..w....P#......
  Windows has finished checking your disk.
  Please wait while your computer restarts.
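
The Event Viewer lookup described in post #72 can also be done from PowerShell, which returns the chkdsk report directly and lets its counters be read separately from the verdict line. This is an added example, not part of any post in the thread; the function names are hypothetical, and it assumes Windows PowerShell on a machine that logs the check under the provider name and event ID visible in the event posted above.

```powershell
# Added example (not from the thread). Provider name and event ID are the
# ones shown in the posted event: Microsoft-Windows-Wininit, EventID 1001,
# channel Application.

function Get-ChkdskReport {
    param([int]$MaxEvents = 1)
    # Get-WinEvent raises an error when nothing matches (for example, no
    # boot-time check has run since the log was cleared), so suppress it
    # and let the caller handle an empty result.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
}

function Get-ChkdskCounter {
    # Returns the number printed in front of $Label, or $null if absent.
    param([string]$Text, [string]$Label)
    $m = [regex]::Match($Text, '(\d+)\s+' + [regex]::Escape($Label))
    if ($m.Success) { [long]$m.Groups[1].Value } else { $null }
}

function ConvertFrom-ChkdskText {
    param([Parameter(Mandatory = $true)][string]$Text)
    New-Object PSObject -Property @{
        NoProblemsFound = [bool]($Text -match 'found no problems')
        BadFileRecords  = Get-ChkdskCounter $Text 'bad file records processed'
        BadSectorsKB    = Get-ChkdskCounter $Text 'KB in bad sectors'
        TotalKB         = Get-ChkdskCounter $Text 'KB total disk space'
        AvailableKB     = Get-ChkdskCounter $Text 'KB available on disk'
    }
}

# Offline sample: an excerpt of the report posted above, used only when
# no matching event exists on the machine running this script.
$sample = @'
0 bad file records processed.
Windows has checked the file system and found no problems.
149992447 KB total disk space.
4 KB in bad sectors.
54529452 KB available on disk.
'@

$report = Get-ChkdskReport
$text   = if ($report) { $report.Message } else { $sample }

$summary = ConvertFrom-ChkdskText -Text $text
$summary | Format-List

# The verdict line covers the file system structures; the bad-sector
# figure is reported on its own line, so surface it separately.
if ($summary.BadSectorsKB -gt 0) {
    Write-Warning ("Report lists {0} KB in bad sectors." -f $summary.BadSectorsKB)
}
```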

#74 OCD


Posted 28 June 2013 - 07:42 AM

Hi CoolCat,

chkdsk looks good.

=========================

And I am using Chrome as the browser and have read to disable the pepperflash in there. However, if I do that, then no video copying, correct?

I can't say for sure as I don't know what this plug-in is supposed to do. You have a few options to try and help correct the RealPlayer issue. Please try these in the exact order as listed:

1. Disable Plug-ins in Google Chrome

  • Click the Chrome menu on the browser toolbar.
  • Select Settings.
  • Scroll down to Show advanced settings...
  • Locate the Privacy Section, select Content Settings
  • In the pop up window scroll to Plug-Ins, select Disable individual plug-ins...
  • Locate the following plug-ins and set them to Disable:
    • RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In
  • Exit Chrome settings menu.
=========================

2. Reboot

=========================

3. Delete cache and other browser data in Chrome
  • Click the Chrome menu on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
    • Clear browsing history
    • Clear download history
    • Empty the cache
    • Delete cookies and other site and plug-in data
    • Clear saved passwords
    • Clear saved Autofill form data
    • Clear data from hosted apps
    • Deauthorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.
=========================

4. Reboot

=========================

Re-enable the plug-in and check the results.

=========================

5. System File Checker (SFC)
  • Click on the Start button and in the Search programs and files box type the following:

    • command
  • Don't press Enter, just let the search results populate above.
  • In the search results, locate the Programs section.
  • Locate the Command Prompt shortcut and right-click on it.
  • Select Run as administrator.
  • Click Yes on the User Account Control window that appears.
  • Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
  • Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
  • An elevated Command Prompt window will appear.

    • Type: sfc /scannow (There's a space between sfc and /scannow.)
  • Type: exit to close the command prompt window
  • Include the findings in your next reply
=========================

In your next post please provide the following:
  • System File Checker (SFC) results
  • How is the system running?



#75 CoolCat


Posted 28 June 2013 - 08:02 AM

Well, if you want to know how the system is running right now, it's doing alright, right now, but man, I shut everything down other than the computer and ran that scan, then came back here and posted that log. Then I went to boot up AOL and I kept getting an error message that there was no internet connection. That scared me because I could see it and see it said I had local and Internet and was on the cable, not the router. So I finally rebooted again and all H broke loose. The Comodo window came up but it was only 1/2 the regular size as usual. I noticed things looked odd or some things were missing and that even included the X in the corner of the Comodo firewall notice screen to close that window and that's not even the program, itself. I tried to boot AOL and that didn't work, tried to get on Facebook and got errors that I had no internet and sure enough, everything regarding the net had a red X over it as far as internet programs go.

I rebooted one more time and started moving things on the desktop to the folders I wanted to save because I really thought this was the end of my computer and it still may be. I just need to get my things off here if I can in case. Most things are backed up but there's a good reason a lot of them aren't and there was no Windows disk with this computer when I bought it so I don't know if I can wipe it on my own or not.

Anyway, I have been up all night and am not up to another scan until late tonight because I can't think well enough to trust myself to do things correctly. BTW, I have used CCleaner with this computer ever since I got it in late 2009 so it cleans everything out from IE, Chrome and FF plus AOL. Is that sufficient? I also have ATF Cleaner but don't like using it. I'll post the logs and such when I am done later tonight. Thank you much for your help.
