Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

No Sound After Recent MS XP Security Update [Solved]


  • This topic is locked This topic is locked

#16
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Now I feel stupid - OTL isn't producing a log upon reboot.


If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Now

Download Windows Repair (all in one) from this site

Install the program then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

After that try your updates.

Come back and tell me how it went.
  • 0

Advertisements


#17
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OK, found the OTL and ran the other stuff - seems okay to me. Sound playing normally, things opening normally (Task Manager was the scary one, I realized last night - when I can't open Task Manager...

From last night:

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 12092012_002641

=======================

today:

# AdwCleaner v2.011 - Logfile created 12/09/2012 at 01:12:27
# Updated 02/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dale - STEN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dale\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\prefs.js

C:\Documents and Settings\Dale\Application Data\Mozilla\Firefox\Profiles\xp3g4fv2.default\user.js ... Deleted !

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2891 octets] - [09/12/2012 01:12:27]

########## EOF - C:\AdwCleaner[S1].txt - [2951 octets] ##########
  • 0

#18
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Sorry for the delay getting back to you. Telco company doing some maintenance and while I might have appeared online actually didn't even have land line telephone.

Task Manager was the scary one, I realized last night - when I can't open Task Manager...


Is that still the case? Tell me when you come back.

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#19
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
My turn for a delay: first the Snowpocalypse this weekend and then ESET took 9 hours to finish.

Answer: Task Manager comes up normally now, ever since the last OTL.

================ESET==========
C:\Downloads\Printfolders\cnet2_pfolders_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\08.12.2012_16.07.37\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

Edited by dale1234, 11 December 2012 - 12:38 PM.

  • 0

#20
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello again dale1234,

I think your machines is good to go now.:thumbsup:

We have a couple of last steps to perform and then you're all set.Posted Image

Step 1

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CLEARALLRESTOREPOINTS]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
Step 2

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

  • If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

    And to keep your system clean consider choosing from these free for home use malware scanners and updating and running weekly.
  • Malwarebytes
  • SuperAntiSpyWare
Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#21
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
emerald -

Thanks!

Everything feels right, and I have 1 last question:

Is the little "Run As" dialog box I'm getting on startup legit or a fake? That's the only thing still happening after all the fixes and reboots. I think that once I choose "Current user" and leave "protect my computer... " switched off it SHOULD stop asking me, but I forget - I don't reboot under normal behavior very often.

-dale
  • 0

#22
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello dale1234,

Is the little "Run As" dialog box I'm getting on startup legit or a fake? That's the only thing still happening after all the fixes and reboots. I think that once I choose "Current user" and leave "protect my computer... " switched off it SHOULD stop asking me, but I forget - I don't reboot under normal behavior very often.


Let's see what this tells us:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_CLASSES_ROOT\exefile\shell /sub
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt
  • 0

#23
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 11:47 on 12/12/2012 by Dale
Administrator - Elevation successful

========== reg ==========

[HKEY_CLASSES_ROOT\exefile\shell]
(No values found)

[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=00 00 00 00 (REG_BINARY)

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@=""%1" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas]
(No values found)

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@=""%1" %*"


-= EOF =-
  • 0

#24
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Looks pretty good although there is one anomaly there. It could an error in the registry left over from the malware or it may just be showing that way because of an anomaly in the forum or browser software.

Let's make sure with a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="%1" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="%1" %*"


Then double click on the fix.reg file, when it prompts to merge click "Yes"

The above Registry file was written specifically for this person's computer. It should NOT to be used on another computer, as it may cause serious damage.

If the problem still persists after reboot go to the link below and try the solutions outlined in the answer to the query:

http://answers.micro...7d-7cda3058c0fa

Come back and tell me how you got on.
  • 0

#25
dale1234

dale1234

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
SO sorry for delay!

Everything is working fine, just as it was before. Thanks Emerald and geekstogo! I'll see you in another 2 years or so - that seems to be my frequency of clicking the wrong darned thing.

Thanks again!

-dale
  • 0

Advertisements


#26
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP