Slow to connect to internet and 2 blue screens



#46
Steviep
  • Topic Starter
  • Member
  • 311 posts
Hi, I uninstalled Bonjour and reinstalled the UPH clean but I'm not sure what else I had to do?
  • 0



#47
RKinner
  • Malware Expert
  • Expert
  • 20,024 posts
  • MVP
Look in your printers and see if you have Logosmartz or any Xerox printer. If so, uninstall them. Also look and see if you have a program called logosmartz. Apparently it comes from Staples: http://www.logosmartz.com/ and it is trying to use a Xerox printer which is no longer there.

Then let's clear the alarms and reboot and see what alarms we have now.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

If you are sure you are not running P2P software like utorrent then we need to figure out what is using the internet. Copy the next line:

netstat -ano > %userprofile%\junk.txt
tasklist >> %userprofile%\junk.txt
notepad %userprofile%\junk.txt


Start, All Programs, Accessories, Command Prompt. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close notepad. Close the Command Window.
  • 0

#48
Steviep
  • Topic Starter
  • Member
  • 311 posts
Hi, I don't have any printers installed on the laptop and I'm not running any p2p software that I can see. Here are the logs. The 2nd part opened up a text document but it was blank, so I copied what it said in command prompt.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/12/2013 08:40:19

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2013 08:37:58
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<iexplore.exe> C:\...es\Links\desktop.ini

Log: 'System' Date/Time: 08/12/2013 08:37:14
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/12/2013 15:57:54
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<chrome.exe> C:\...\User Data\Local State

Log: 'System' Date/Time: 07/12/2013 14:30:06
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 07/12/2013 09:57:47
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<chrome.exe> C:\...ook.com_0.localstorage

Log: 'System' Date/Time: 07/12/2013 09:56:21
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 06/12/2013 15:32:27
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<chrome.exe> C:\...ta\Default\Preferences

Log: 'System' Date/Time: 05/12/2013 16:48:36
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 05/12/2013 08:24:18
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 04/12/2013 21:00:57
Type: warning Category: 0
Event: 18 Source: avgntflt
TIMEOUT<iexplore.exe> C:\...\page__st__30[1].htm

Log: 'System' Date/Time: 03/12/2013 20:26:21
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 03/12/2013 14:59:49
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 03/12/2013 14:59:47
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 03/12/2013 13:48:39
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 03/12/2013 09:53:15
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 30/11/2013 16:24:29
Type: warning Category: 0
Event: 240 Source: Win32k
A request to suspend power was denied by winlogon.exe.

Log: 'System' Date/Time: 30/11/2013 14:30:29
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 30/11/2013 13:12:12
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 30/11/2013 09:12:51
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 30/11/2013 08:39:47
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0CEEE6E138CF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Microsoft Windows XP [Version 5.1.2600]
© Copyright 1985-2001 Microsoft Corp.


Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
permissions.
-e Displays Ethernet statistics. This may be combined with the -s
option.
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.

C:\Documents and Settings\Gillian>tasklist >> %userprofile%\junk.txt
ERROR: Invalid Argument/Option - 'and'.
Type "TASKLIST /?" for usage.

C:\Documents and Settings\Gillian>notepad %userprofile%\junk.txt

C:\Documents and Settings\Gillian>
  • 0
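Added example, not part of the original posts: the capture above failed because `%userprofile%` expanded to `C:\Documents and Settings\Gillian` and the unquoted spaces split the redirect target (hence the netstat usage text and tasklist's complaint about 'and'); writing the target as `"%userprofile%\junk.txt"` avoids that. Once both outputs are captured, joining them on PID shows which process owns each connection, as this Python sketch does. The sample text is constructed, and `parse_tasklist`, `parse_netstat` and `connections_by_process` are hypothetical names.

```python
import re

# Constructed `netstat -ano` output in the Windows XP layout (not from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       840
  TCP    192.168.0.5:1484       203.0.113.10:80        ESTABLISHED     4084
  TCP    192.168.0.5:1472       203.0.113.11:80        ESTABLISHED     4084
  TCP    192.168.0.5:1490       198.51.100.7:443       ESTABLISHED     2212
  UDP    0.0.0.0:1900           *:*                                    1024
"""

# Constructed `tasklist` output; PID 2212 is deliberately missing.
TASKLIST_SAMPLE = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System Idle Process            0 Console                 0         28 K
System                         4 Console                 0        236 K
svchost.exe                  840 Console                 0      4,512 K
svchost.exe                 1024 Console                 0     21,004 K
iexplore.exe                4084 Console                 0     55,120 K
"""

UNKNOWN = "<no matching process>"

# Image names may contain spaces, so anchor on the trailing numeric columns.
TASK_ROW = re.compile(r"^(?P<name>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K$")


def parse_tasklist(text):
    """Map PID -> image name from default (table) tasklist output."""
    procs = {}
    for line in text.splitlines():
        m = TASK_ROW.match(line.rstrip())
        if m:
            procs[int(m.group("pid"))] = m.group("name")
    return procs


def parse_netstat(text):
    """Yield (proto, local, remote, state, pid); UDP rows have no state column."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # banner, column header or blank line
        state = f[3] if len(f) == 5 else ""
        yield f[0], f[1], f[2], state, int(f[-1])


def connections_by_process(netstat_text, tasklist_text):
    """List (image, pid, count, remotes) for ESTABLISHED connections, busiest first."""
    procs = parse_tasklist(tasklist_text)
    owners = {}
    for _proto, _local, remote, state, pid in parse_netstat(netstat_text):
        if state == "ESTABLISHED":
            # A PID absent from tasklist means the process exited between the
            # two commands or is hidden from tasklist; report it, don't drop it.
            owners.setdefault((procs.get(pid, UNKNOWN), pid), []).append(remote)
    rows = [(name, pid, len(r), sorted(set(r))) for (name, pid), r in owners.items()]
    return sorted(rows, key=lambda row: -row[2])


if __name__ == "__main__":
    for name, pid, count, remotes in connections_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{name:<24} pid={pid:<6} established={count} {', '.join(remotes)}")
```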

#49
RKinner
  • Malware Expert
  • Expert
  • 20,024 posts
  • MVP
That didn't work for some reason. Let's try tcpview:

http://live.sysinter...com/Tcpview.exe

Download, Save and Run it. Give it a minute to settle down then File, Save As, (to your desktop) tcpview OK. This should create a file tcpview.txt on your desktop. Please attach it or you can copy and paste as it is not that big.

Also get autoruns from
http://live.sysinter...om/autoruns.exe

Download, Save and Run the program. Let it finish scanning then File, Save, to your desktop, autoruns.arn, OK

Either zip up the file if you have the ability (7-zip works nicely) or just rename it from autoruns.arn to autoruns.txt then ATTACH it. Do not copy and paste.
  • 0

#50
Steviep
  • Topic Starter
  • Member
  • 311 posts
Attached File  AutoRuns.zip   134.86KB

alg.exe 3752 TCP e6400 1028 e6400 0 LISTENING
AppleMobileDeviceService.exe 1508 TCP e6400 27015 e6400 0 LISTENING
AppleMobileDeviceService.exe 1508 UDP e6400 1025 * *
AppleMobileDeviceService.exe 1508 UDP e6400 1026 * *
iexplore.exe 4084 TCP e6400 1484 lhr14s19-in-f12.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1472 lhr14s19-in-f11.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1469 lhr14s19-in-f12.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1485 lhr14s19-in-f12.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1470 lhr14s19-in-f12.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1476 lhr14s19-in-f11.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1475 m58-mp1-cvx1b.lan.ntl.com http ESTABLISHED
iexplore.exe 4084 TCP e6400 1479 lhr14s19-in-f11.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1471 wg-in-f157.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1480 lhr14s19-in-f11.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1481 lhr14s19-in-f11.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1477 lhr14s19-in-f12.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1467 wb-in-f121.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1478 lhr14s19-in-f12.1e100.net http ESTABLISHED
iexplore.exe 4084 TCP e6400 1468 lhr14s19-in-f11.1e100.net http ESTABLISHED
iexplore.exe 4084 UDP e6400 1463 * *
jqs.exe 1624 TCP e6400 5152 e6400 0 LISTENING
lsass.exe 620 UDP e6400 isakmp * *
lsass.exe 620 UDP e6400 4500 * *
svchost.exe 840 TCP e6400 epmap e6400 0 LISTENING
svchost.exe 1024 TCP e6400 2869 e6400 0 LISTENING
svchost.exe 880 UDP e6400 ntp * *
svchost.exe 1024 UDP e6400 1900 * * 30 6,087 1,327 4
svchost.exe 880 UDP e6400 ntp * *
svchost.exe 1024 UDP e6400 1900 * *
System 4 TCP e6400 microsoft-ds e6400 0 LISTENING
System 4 TCP e6400 netbios-ssn e6400 0 LISTENING
System 4 UDP e6400 netbios-ns * *
System 4 UDP e6400 microsoft-ds * *
System 4 UDP e6400 netbios-dgm * * 1 206 1

Edited by Steviep, 08 December 2013 - 10:47 AM.

  • 0

#51
RKinner
  • Malware Expert
  • Expert
  • 20,024 posts
  • MVP
You have a large number of connections to Google. Close your browser and then run tcpview again and post the log. There is no sign of P2P in tcpview or autoruns. I also can't see where the Xerox stuff is coming from.

Also let's clear the alarms, reboot and run VEW again and see what alarms remain.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#52
Steviep
  • Topic Starter
  • Member
  • 311 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/12/2013 19:32:25

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2013 19:28:10
Type: error Category: 0
Event: 23 Source: Print
Printer LogoSmartz failed to initialize because a suitable Xerox DocuTech 135 PS2 driver could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/12/2013 19:34:16

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0
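Added example, not part of the original posts: the clear, reboot and re-run VEW loop used in this thread amounts to comparing two reports, which this Python sketch does by parsing the VEW text layout and grouping events by source and event ID. Both reports are constructed in the thread's format with shortened messages; `parse_vew`, `tally` and `compare` are hypothetical names.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed reports in the VEW layout posted in this thread (messages shortened).
BEFORE = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2013 08:30:02
Type: error Category: 0
Event: 23 Source: Print
Printer LogoSmartz failed to initialize.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/11/2013 13:12:12
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address.

Log: 'System' Date/Time: 30/11/2013 14:30:29
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit.
"""
AFTER = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/12/2013 19:28:10
Type: error Category: 0
Event: 23 Source: Print
Printer LogoSmartz failed to initialize.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"""

HEAD = re.compile(r"^Log: '([^']+)' Date/Time: (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)$")
TYPE = re.compile(r"^Type: (\w+) Category: \d+$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")

def parse_vew(text):
    """Return one dict per event; a blank line or ~~~ ruler ends an event."""
    events, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEAD.match(line)
        if m:
            when = datetime.strptime(m.group(2), "%d/%m/%Y %H:%M:%S")  # day-first
            cur = {"log": m.group(1), "when": when, "type": "", "id": None,
                   "source": "", "message": ""}
            events.append(cur)
        elif cur is None:
            continue  # banner, notes and section titles
        elif not line or line.startswith("~~~"):
            cur = None
        elif (t := TYPE.match(line)):
            cur["type"] = t.group(1)
        elif (e := EVENT.match(line)):
            cur["id"], cur["source"] = int(e.group(1)), e.group(2)
        else:
            cur["message"] = (cur["message"] + " " + line).strip()
    return events

def tally(events):
    return Counter((e["source"], e["id"]) for e in events)  # count per event kind

def compare(before_text, after_text):
    """Split event kinds into cleared, recurring after the clear/reboot, and new."""
    before, after = tally(parse_vew(before_text)), tally(parse_vew(after_text))
    return {"cleared": sorted(k for k in before if k not in after),
            "recurring": sorted(k for k in before if k in after),
            "new": sorted(k for k in after if k not in before)}

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```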

#53
RKinner
  • Malware Expert
  • Expert
  • 20,024 posts
  • MVP
Just seeing the Logosmartz error. See if this command works to tell us more:

Copy the next 2 lines:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers /s > \junk.txt
notepad \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close notepad. Close the Command Window.

(Best to copy and paste the commands rather than try to type them.)
  • 0

#54
Steviep
  • Topic Starter
  • Member
  • 311 posts
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers
DefaultSpoolDirectory REG_SZ C:\WINDOWS\System32\spool\PRINTERS

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\LogoSmartz
ChangeID REG_DWORD 0x966ad6
Status REG_DWORD 0x180
Name REG_SZ LogoSmartz
Share Name REG_SZ
Print Processor REG_SZ WinPrint
Datatype REG_SZ RAW
Parameters REG_SZ
ObjectGUID REG_SZ
DsKeyUpdate REG_DWORD 0x0
Description REG_SZ
Printer Driver REG_SZ Xerox DocuTech 135 PS2
Default DevMode
Priority REG_DWORD 0x1
Default Priority REG_DWORD 0x0
StartTime REG_DWORD 0x0
UntilTime REG_DWORD 0x0
Separator File REG_SZ
Location REG_SZ
Attributes REG_DWORD 0x200
txTimeout REG_DWORD 0xafc8
dnsTimeout REG_DWORD 0x3a98
Security REG_BINARY 01000480E4000000F400000000000000140000000200D00008000000000A14000000020001010000000000030000000000091400000000100101000000000003000000000000140008000200010100000000000100000000000A140000000020010100000000000100000000000018000C000F0001020000000000052000000020020000000B18000000001001020000000000052000000020020000000018000C000F0001020000000000052000000023020000000B1800000000100102000000000005200000002302000000000000000000000000000000000000000000000000000001020000000000052000000020020000010500000000000515000000C6BB507AFA4F0C2F43170A3201020000
SpoolDirectory REG_SZ
Port REG_SZ FILE:
Action REG_DWORD 0x0
DsKeyUpdateForeground REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\LogoSmartz\DsDriver
printBinNames REG_MULTI_SZ Automatically Select\0\0
printCollate REG_BINARY 00
printColor REG_BINARY 01
printDuplexSupported REG_BINARY 00
printStaplingSupported REG_BINARY 00
printMaxXExtent REG_DWORD 0x86f
printMaxYExtent REG_DWORD 0xde4
printMinXExtent REG_DWORD 0x417
printMinYExtent REG_DWORD 0x86f
printMediaSupported REG_MULTI_SZ Letter\0\0
printMediaReady REG_MULTI_SZ Letter\0\0
printNumberUp REG_DWORD 0x6
printMemory REG_DWORD 0x14e8
printOrientationsSupported REG_MULTI_SZ PORTRAIT\0\0
printMaxResolutionSupported REG_DWORD 0x258
printLanguage REG_MULTI_SZ PostScript\0\0
printRate REG_DWORD 0xc
printRateUnit REG_SZ PagesPerMinute
printPagesPerMinute REG_DWORD 0xc
driverVersion REG_DWORD 0x401

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\LogoSmartz\DsSpooler
description REG_SZ 1025
driverName REG_SZ Xerox DocuTech 135 PS2
location REG_SZ Xerox DocuTech 135 PS2
portName REG_MULTI_SZ FILE:\0\0
printStartTime REG_DWORD 0x0
printEndTime REG_DWORD 0x0
printerName REG_SZ LogoSmartz
printKeepPrintedJobs REG_BINARY 00
printSeparatorFile REG_SZ 00
printShareName REG_SZ
printSpooling REG_SZ PrintAfterSpooled
priority REG_DWORD 0x1
uNCName REG_SZ Logosmartz
versionNumber REG_DWORD 0x4
serverName REG_SZ Logosmartz
shortServerName REG_SZ Logosmartz
url REG_SZ http://www.logosmartz.com
flags REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\LogoSmartz\PnPData
HardwareID REG_SZ XeroxXerox_DocuTech_5306
Manufacturer REG_SZ Xerox
OEM URL REG_SZ http://www.xerox.com...%&model=%MODEL%

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\LogoSmartz\PrinterDriverData
InitDriverVersion REG_DWORD 0x502
FreeMem REG_DWORD 0x14e8
JobTimeOut REG_DWORD 0x0
Protocol REG_DWORD 0x0
PrinterDataSize REG_DWORD 0x230
PrinterData REG_BINARY 02053002800C00008BA25300000000002C0100006400580200000000000000000000000000000000EB67E823030000000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
FeatureKeywordSize REG_DWORD 0x2f
FeatureKeyword REG_BINARY 4F7074696F6E310046616C7365000A4F7074696F6E320031364D6567000A4F7074696F6E330046616C7365000A0000
Forms? REG_DWORD 0x23e867eb
DependentFiles REG_MULTI_SZ PSCRIPT.NTF\0\0
Installed Memory REG_DWORD 0xffffffff
  • 0

#55
RKinner
  • Malware Expert
  • Expert
  • 20,024 posts
  • MVP
Copy the next line:

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\LogoSmartz

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Do you get an error? Close the Command Window.

If no error then:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
  • 0



#56
Steviep
  • Topic Starter
  • Member
  • 311 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/12/2013 22:16:00

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vino's Event Viewer v01c run on Windows XP in English
Report run at 08/12/2013 22:16:37

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#57
RKinner
  • Malware Expert
  • Expert
  • 20,024 posts
  • MVP
That appears to have gotten rid of the logo thing. How is it running now?
  • 0

#58
Steviep
  • Topic Starter
  • Member
  • 311 posts
Once connected to the internet it seems to be running fine, but it still takes about 5 mins from start up to establish a connection.
  • 0

#59
RKinner
  • Malware Expert
  • Expert
  • 20,024 posts
  • MVP
Download HostsXpert from http://www.funkytoad...HostsXpert.zip. Save the file then right click and Extract All. It will create a new folder in the same place. In the folder find HostsXpert.exe and run it.

It will take a few seconds to appear. If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file. Click on the Make Read Only? entry then close HostsXpert.

Copy the next two lines:

netsh winsock reset catalog
netsh int ip reset reset.log

Start, All Programs, Accessories, click on Command Prompt. Right click and Paste or Edit then Paste and the copied lines should appear. Hit Enter then reboot.

Any better this time?
  • 0

#60
Steviep
  • Topic Starter
  • Member
  • 311 posts
Hi, did that and it's still the same. It used to be that soon after the laptop was switched on the wee computer would appear in the notifications area of the taskbar, but now the clock comes up and the icon for anti virus, then it sits and I get a warning saying no firewall is turned on before the computer icon appears and tries to acquire a network address.
  • 0





