177 replies to this topic

[lthsinc]

So I've gone through the Quick Defrag, and then the full Degrad with Defraggler. (took 2 days) It says there is 27% Fragmentation, is that acceptable?

[oldman960]

Hi lthsinc, That may be bit high but are some cases where something just can not be defragmented. I've never used Defraggler, does it give report on why or what it wasn't able to defrag? If it took that long then the hard drive was very fragmented. You should get in the habit of doing routine maintenance including a defrag once a month. I don't think it will take as long if you stay on top of it. More importantly did it help your situation?

[lthsinc]

It had originally said that the computer was about 54% fragmented, but everything does seem to be working pretty good. I did get a double re-start again, but that was just one instance, seems to be fine know. Things are definitely working much better, thanks so much. I did have a question about the computer that started it all...As I'd told you previously, I finally was able to get rid of that infection by reformatting from the discs I got from the manufacturer, rather than from the partition on the computer for that purpose. (it would just continue to reinfect itself) Everything is running great there, but there is a glitchy thing that I'm told existed from day one on that computer. Sometimes when typing, the cursor will randomly just jump to another area on the page. It happens occasionally, but is naturally quite distracting and frustrating. I know this happened on my daughter's computer, and it was happening all the time, but in her case it turned out to be a bad hard drive which was replaced. Is there anything I can do to resolve that problem on this computer? It's a Lenovo laptop, model 4446, using Windows Vista. Thanks again, talk w/you soon.

[oldman960]

Hi lthsinc,

It's a Lenovo laptop, model 4446, using Windows Vista. Thanks again, talk w/you soon.

A little confused here. You say this machine has Vista installed? Your logs show XP.

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600)

Or are you talking about a different computer?

[lthsinc]

Sorry, thought you were Conspire. When he first began helping me we were talking about another, seriously infected machine, which was a Vista. Then we began working on mine, which is the XP one. The original computer was the one I was asking about just now. I've completely redone that one, and all is working well, I just had the little issue with the cursor I was asking about.

[oldman960]

Hi lthsinc,

Thanks for the clarification.

but there is a glitchy thing that I'm told existed from day one on that computer. Sometimes when typing, the cursor will randomly just jump to another area on the page.

I think that may be best answered by the Tech Forum. Microsoft Windows or General Hardware


We'll finish up the XP machine.


Go to Add/Remove programs and uninstall these old vulnerable versions of java if you haven't already done so.

J2SE Runtime Environment 5.0 Update 6
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Do not uninstall Java 6 Update 22



Next, clear the java cache

To clear the Java Plug-in cache:

• Click Start > Control Panel.
• Double-click the Java icon in the control panel.
• On the General tab, Click Settings under Temporary Internet Files.
• On the Temporary Files Settings screen, Click Delete Files.
• check all boxes
• Click OK

After we have cleaned up the tools you should install Service Pack 3. You can download it from HERE.

Do not install it yet.

• Download the Service Pack and save it to your desktop
• Either boot to Safe Mode and install it or
• Make sure your antivirus program is disabled or it may interfer and cause problems and install it in normal windows.

It may say it's for IT Professionals and Developers but it will work just fine for you and this may be one of the best ways to install this service pack.


We'll clean up the tools.

From your desktop, please delete, if present

• any notepads/logs that we created
• RKUnhookerLE.exe
• MBRCheck.exe
• GooredFix

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /uninstall


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep MBAM updated and use it regularly.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware,IMO)


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.

• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE

- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

Take care

[lthsinc]

Don't have Combofix, I think that was a program that wouldn't work, so I was told to download and install Revo Uninstaller. Re: IE, as mentioned earlier, I rarely use, and only have it in case it's needed for a specific issue, but I followed all the instructions, and interestingly, all the recommendations were already in place, except Navigate sub-frames across different domains was on Disable, so I changed that to Prompt. The OTL has been stuck in it's process for a while, I may reboot and try again on that, it did this once before for other instructions, but worked fine after rebooting. I've always been on the auto update for Windows, but SP3 has never been able to install. I'll try it your way, see if it works, but will create a restore point in case anything goes wrong. Am a bit paranoid about those since my first complete computer crash came after such an update. (although more than 10 years ago...but only takes once to scare you to death!) Will get back to you after the update. (keeping fingers crossed)

[oldman960]

Hi lthsinc,

I'll try it your way, see if it works, but will create a restore point in case anything goes wrong.

We'll take care of the restore points right now. Since we didn't use combofix in this topic we'll do it this way. This will also remove any old restore points that may be infected.

* Create a new restore point

You must be logged on to an administrator account

• Go to Start - All Programs - Accessories - System Tools - System Restore.
• Click Create a restore point, and then click Next.
• In the text box labeled Restore Point Description, type a name for this restore point
• click create

* Remove old restore points

• Go to Start - All Programs - Accessories - system tools.
• Launch the Disk Cleanup tool and let it run.
• When it finishes a box with tabs will appear, select the more options tab.
• On this tab you will find a section for System Restore.
• If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

[lthsinc]

I'd already created the restore point, just in case the SP3 install created any problems. But once again, it would not install. I was in Safe Mode, and ran the program, but then I got two error messages. The first read, "The file or directory is corrupted and unreadable", and the other was, "Installation did not complete".

[lthsinc]

Now I suddenly keep getting an error message from Microsoft Visual C ++ Runtime Library that says: "Runtime Error! Program: C:\P... This application has requested the Runtime to terminate in an unusual way. Please contact the application's support team for more information. Not sure what this was is for, have never gotten it before. Also, Outlook is suddenly not working right, and the computer is working rather haltingly when working in or switching between browser windows, it will stall, then work fine, then stall, etc. I'll reboot a couple of times, see if that helps. It also is now taking longer to open and switch between programs, or move files, etc., than it was before this last set of instructions. Hopefully just a temporary situation, as mentioned, I'll try rebooting a couple of times, see if things clear up. Talk w/you soon.

[oldman960]

Hi Have a look in Add/Remove program and see if Windows Xp Service Pack 3 is listed.

[lthsinc]

Nope, not listed.

[oldman960]

Hi

Windows would have created a Restore Point named "Installed Window XP Service Pack 3". You can restore back to that one.

"Runtime Error!
Program: C:\P...
This application has requested the Runtime to terminate in an unusual way. Please contact the application's support team for more information.

Let's see if we can get some more information on the errors.

Start, click Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Event Viewer.

Click on system. Have a look for the errors you recieved and post as much detail as possible from the entry.

[lthsinc]

Actually, I'd mentioned earlier today that SP3 has never installed. Even when it tried from the auto update, it's never worked. That's why I tried it the way you suggested, installing manually, but as noted, that didn't work either, and I'd included the error message. So there wouldn't be a restore point named "Installed Window XP Service Pack 3". As for error messages, here is everything for today that had an error icon next to it: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906). The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register with DCOM within the required timeout. The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register with DCOM within the required timeout. DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register with DCOM within the required timeout. The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register with DCOM within the required timeout. DCOM got error "The dependency service or group failed to start. " attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register with DCOM within the required timeout. The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register with DCOM within the required timeout. Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906). DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register with DCOM within the required timeout. DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register with DCOM within the required timeout. DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register with DCOM within the required timeout. DCOM got error "The dependency service or group failed to start. " attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} DCOM got error "The dependency service or group failed to start. " attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register with DCOM within the required timeout. Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 SP1 Security Update for Windows 2000 and Windows XP (KB979906). The server {03CA98D6-FF5D-49B8-ABC6-03DD84127020} did not register with DCOM within the required timeout. The server {E0EC0F2B-773D-4DD7-BE6C-7D85D6AA6269} did not register with DCOM within the required timeout. DCOM got error "The dependency service or group failed to start. " attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

[lthsinc]

Not sure if it would help, but I tried to paste and send an error log created today by MSInstaller in the Application section of Event Viewer, but I guess it was too large as it errored out twice. If you need that, just let me know how to send it to you. Thanks. (It's 2.29 MB)