
Rootkit Detection Problem [Solved]


  • This topic is locked

#31
Jerry23

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

That is my objective - to get my computer in a condition that I can successfully update to sp3 & IE 8.

I tried that on 11/11/09, after a Win repair procedure. When I updated to sp3 + [but before I updated to IE 8] it caused all kinds of major problems. IE was VERY unstable, windows flop around, hard to close windows. Almost looked like a virus. Tried to run Malwarebytes - got an Err Msg:vb Accellerator sgrid 11 control X- Runtime Error '0'. Hit OK - Malwarebytes runtime error '440'/automation error. Tried to uninstall Malwarebytes - many runtime errors. Tried to open IE window - IE has encountered a problem - needs to close. Start > Windows Update - Err - IE has encountered a problem - needs to close.

Had to do a system restore - to the point where I first did the system repair. Got the same application error on the first boot, that I got when I did the system repair. OFVISEX caused an access violation in ntdll.dll st 0x7c9116e. Clk close to terminate the application.

Here is some more info.

http://www.geekstogo...ws-t258890.html

I don't want to take a chance on repeating the same problem scenario as I got into the first time I updated to sp3. The people on the Windows XP board had some ideas, but wanted me to get a clean infection bill of health before we proceeded over there. Are we at that point yet?

Regards,

Jerry

Edited by Jerry23, 30 November 2009 - 05:40 PM.

  • 0



#32
Jerry23

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

I solved my problem with the AutoPlay not working with the MS Autoplay Repair Wizard. No Corrupt files. I found this:

http://www.microsoft...;displaylang=en

The report is shown below. Maybe you would be so kind as to translate it for me. Kinda looks like a corrupt registry path??????

All kinds of strange "STUFF" going on today. The second path for user JERRY disappeared earlier -- BEFORE I ran the above program. I no longer get that aggravating "Welcome logon screen " getting in the way. :)

Solving all kinds of problems, with no idea how they got solved. Not very useful if they happen again. :)

IE stable today -- so far!!! :)

Regards,

Jerry



AutoFix [V5.2.3790.67]
Time [2009-11-30 19:39:57]
Microsoft Windows Version [5.1 (Service Pack 2) <2600>]

Test [The Shell Hardware Detection service is running.] - Instance [N/A]:
Result [AutoStart Setting]: OK
Result [The Shell Hardware Detection service is running.]: OK

Test [Policies] - Instance [I:\, Drive Type: 5]:
Result [HKCU\...\Policies!NoDrives]: OK {Present}
Result [HKCU\...\Policies!NoDriveAutorun]: OK {Present}
Result [HKCU\...\Policies!NoDriveTypeAutorun]: OK {Present}
Result [HKLM\...\Policies!NoDrives]: OK {Present}
Result [HKLM\...\Policies!NoDriveAutorun]: Problems {Present}
Result [HKLM\...\Policies!NoDriveTypeAutorun]: OK {Present}
>> Repair << [HKLM\...\Policies!NoDriveAutorun]
Step: Resetting policy HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveAutorun to 0x03FFFEFF.
Result: This AutoPlay setting was successfully fixed.

>> Required action: The user must log off and log on again

Edited by Jerry23, 30 November 2009 - 07:14 PM.

  • 0
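
Added example, not part of the original posts: the AutoFix report in post #32 resets `NoDriveAutorun` to 0x03FFFEFF. That value is a per-drive bitmask (bit 0 is A:, bit 25 is Z:, and a set bit disables AutoRun on that drive), and this Python sketch decodes it. The "before" value is constructed, since the report does not show the original setting.

```python
import string

DRIVE_BITS = 26                      # one bit per drive letter, A: through Z:
ALL_DRIVES = (1 << DRIVE_BITS) - 1   # 0x03FFFFFF: AutoRun disabled on every drive

REPAIRED = 0x03FFFEFF                # value written by the repair step in the report
CONSTRUCTED_BEFORE = ALL_DRIVES      # constructed "before" value, not from the report


def decode_no_drive_autorun(value):
    """Split a NoDriveAutorun DWORD into (disabled, enabled) drive letters."""
    # Bits 26-31 map to no drive letter; this example ignores them (assumption).
    value &= ALL_DRIVES
    disabled, enabled = [], []
    for bit, letter in enumerate(string.ascii_uppercase):
        if (value >> bit) & 1:
            disabled.append(letter)
        else:
            enabled.append(letter)
    return disabled, enabled


def mask_allowing(letters):
    """Build the mask that disables AutoRun on every drive except `letters`."""
    mask = ALL_DRIVES
    for letter in letters:
        index = ord(letter.upper()) - ord("A")
        if not 0 <= index < DRIVE_BITS:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask &= ~(1 << index)
    return mask


def changed_drives(before, after):
    """Drive letters whose AutoRun state differs between two policy values."""
    delta = (before ^ after) & ALL_DRIVES
    return [letter for bit, letter in enumerate(string.ascii_uppercase)
            if (delta >> bit) & 1]


if __name__ == "__main__":
    disabled, enabled = decode_no_drive_autorun(REPAIRED)
    print(f"0x{REPAIRED:08X}: AutoRun enabled on {enabled}, "
          f"disabled on {len(disabled)} other drive letters")
    print("changed vs. constructed 'before':",
          changed_drives(CONSTRUCTED_BEFORE, REPAIRED))
```

The only clear bit in 0x03FFFEFF is bit 8, which is drive I:, the same drive the report lists as the test instance (`I:\, Drive Type: 5`).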

#33
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again Jerry23,

Looks like that utility reset your policies for Autorun.

Thanks for that link by the way. I will add it to my library.

Whatever is happening with your machine it seems to be good. :)

I think we should get the tools we have been using off your machine. They can cause problems if left there.

After that I will keep the topic open for a few days in case you have any other issues. For example if you do carry out an update and an issue develops.

Now

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware. This will also clean out and reset your Restore Points.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility, for some though, it may be a useful backup program to hold on to. The DeFogger and RootRepeal folder/files can be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to turn back on any anti-malware programs you may have turned off during the cleaning process.

-------------------------------------------------------------------------------------------------------------------

Now that your machine is clean here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

Be sure and give the Temp folders a cleaning out now and then. This helps with security and your computer will run more efficiently. I clean mine once a week. For ease of use, you might consider the following free program:

--------------------------------------------------------------------------------------------------------------------

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Consider using an alternate browser. Mozilla's Firefox browser is excellent; it is more secure than Internet Explorer. Firefox is my default browser but I retain Internet Explorer as well so that I can access the very few sites that require it.

Firefox may be downloaded from Here

NoScript is a good Add-on for Firefox that prevents execution of malicious scripts.

-----------------------------------------------------------------------------------------------------------------------

Startuplite is a tool to help you stop some programs not needed when you start your computer from loading. They will begin automatically only when needed.

-----------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future here are some free programs you can look at:

If your Microsoft Update is not working automatically. Keep your operating system up to date by visiting
monthly.

It is recommended that you do set Windows to check, download and install your updates automatically.
  • Click Start > Control Panel > Automatic Updates
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Go here for some good advice about how to prevent infection.

Have a safe and happy computing day!
  • 0

#34
Jerry23

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

Thanks for all the good info. I will take care of those items tomorrow. And thank you again for all your wonderful help.

Is there a way I can save this thread for future reference? It has a lot of good info, details of how to, & links. Will the links work?

Well after a pretty successful day, it is ending on a sour note. I was in the process of shutting down for the day, when I got the Err Msg: IE has encountered a problem with an add-on & needs to close. File: Flash10c.exe, Adobe Flash Player. This seems to happen every 2-3 days. I had to do a hard turn-off after this. That does not happen very often.

This occurred in a pattern I mentioned before. It happened after a long day of heavy usage, followed by a period of sitting idle [~ 2 hrs], and after running a full scan. It has not been unusual for my computer to get unstable at the end of the day, following the pattern outlined above. This has been happening for many months now.

Can you think of any reasons for this. Is it common for a computer to get unstable after such conditions? Is there anything I can do to correct this?

By the way, after I got the above ERR, I used Add/Remove to remove Adobe Flash 10 & then reinstalled it. Hope that helps.



Regards,

Jerry

  • 0

#35
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi Jerry,

Can you think of any reasons for this. Is it common for a computer to get unstable after such conditions? Is there anything I can do to correct this?


No I don't really know. My guess might be overheating but I would open a topic in the XP Operating System forum here. They are much better placed to answer that. If you do, make sure you tell them you have been here first.

Is there a way I can save this thread for future reference? It has a lot of good info, details of how to, & links. Will the links work?


This topic will be closed in a few days but I think you can still access them. I certainly can but then I am staff so you might have to try it. I would be a bit careful of links especially for tools. Tools can change and instructions may not be relevant after a time.

I was in the process of shutting down for the day, when I got the Err Msg: IE has encountered a problem with an add-on & needs to close. File: Flash10c.exe, Adobe Flash Player. This seems to happen every 2-3 days. I had to do a hard turn-off after this. That does not happen very often.


You might try that IE Repair. Also did you know this:

Internet Explorer 7's No Add Ons mode

One of the lesser known features of Internet Explorer 7 is the "No Add Ons" mode.

A shortcut is automatically added to the All Programs Menu in the System Tools folder (All Programs, Accessories, System Tools) when Internet Explorer 7 is installed. Alternatively, you can create a shortcut on your desktop or QuickLaunch bar with the following target path:

"C:\Program Files\Internet Explorer\iexplore.exe" -extoff

Primarily a troubleshooting tool, No Add Ons mode allows you to start IE with all add-ons such as toolbars and ActiveX controls disabled. If you are seeing problems when using IE in normal mode, and those problems go away when using No Add Ons mode, then obviously a third party product is at issue. Use the Manage Add-Ons tool to disable all Add-Ons, start IE in normal mode then re-enable the add-ons one at a time, testing as you go, to work out which product is causing a problem.
  • 0

#36
Jerry23

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

Thanks for the input. IE seemed to be running more like normal this morning. But then it gave me the "needs to close" Err - not tied to the Adobe add on.

I tried the Msft repair procedure you gave me. I ran the sfc file check first - no feedback. Then I ran the install IE file procedure. It keeps stopping & giving me Err Msg - Set Up cannot find file 'XXXX'. Asks me for the location. I search for the loc & manually type it in. Then it runs for a short while & asks me for another file loc. I did that a few times & stopped - don't know how many file locs it will ask for. Very time consuming.

Regards,

Jerry
  • 0

#37
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hi Jerry,

Really getting outside my expertise now.

I think you should go to the techies (Operating Systems forum - Windows XP) and ask there. As I have probably mentioned before. Don't forget to tell them you have been here first. :)
  • 0

#38
Jerry23

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

Yeah - I will take up the IE problems on the other board. Thanks for the link anyway.

I did the clean up process you posted above. Have a couple questions/comments.


[1]
>>>>Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.<<<<

When I did this, it actually ran Combofix. I forgot that I was supposed to shut down other applications that were running and disable my Internet Security. Caused a few hiccups - but everything turned out ok I believe. You might want to add those items to your instructions for dummies like me. I have a Combofix report if you want to see it.

[2]
I downloaded & ran the MVPS HOSTS File program. Seems like a good idea. Thanks. It says in the readme txt, that large HOSTS files tend to slow down the machine. And to get around this, to set the start up to manual in DNS Client. I understand how to do this, but I do not understand what this does or how it will affect how the computer functions or how I will interface with the computer differently, because of this. Should I do this reset? What will be the effect on my computer & how I interface with it? What about updates?

[3]
If I recall correctly, Recovery Console was installed on my computer in one of the early steps. Could you give me a link or two that explains what this is & how to use it? I would like to learn this better before the next emergency strikes.

Thanks again [almost finished!!!!!!!!!]

Regards,

Jerry

Edited by Jerry23, 01 December 2009 - 05:11 PM.

  • 0

#39
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I have a Combofix report if you want to see it.


Not unless you think there is something wrong.

I downloaded & ran the MVPS HOSTS File program. Seems like a good idea. Thanks. It says in the readme txt, that large HOSTS files tend to slow down the machine. And to get around this, to set the start up to manual in DNS Client. I understand how to do this, but I do not understand what this does or how it will affect how the computer functions or how I will interface with the computer differently, because of this. Should I do this reset? What will be the effect on my computer & how I interface with it? What about updates?


Something to ask the whizzes over at the XP Forum. :)

If I recall correctly, Recovery Console was installed on my computer in one of the early steps. Could you give me a link or two that explains what this is & how to use it? I would like to learn this better before the next emergency strikes.


Go to Description of the Windows XP Recovery Console
  • 0

#40
Jerry23

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

How are things in KIWI land? I am curious as to what time it is down under, compared to here. I am guessing the difference is about 12 hrs.

I wanted to take a minute to thank you again for all the wonderful help you gave me over the last week or two. I appreciate it very very much!!!!!!!!!!!! You are a real gentleman; and you have great patience, if you can put up with the likes of me the way you did. :) It has been a real pleasure working with you.

I have a few loose ends I would like to clear up, If you would.

[1] I downloaded & ran the MVPS HOSTS File program. Since that time, I have been having problems with my IE 'back' button. I sometimes have to hit it 2-3 times before the page actually moves back. Do you have a "magic fix" for that? IF not, how would I restore my original HOSTS file? Do you think that would help?

[2] When you had me run the OTL.exe program, you included the following code.

>>>>CODE
:processes

:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)

:Commands
[purity]
[emptytemp]
[resethosts]<<<<

I am very concerned with the ALCXMNTR.EXE file because, when I first lost my sound, an ERR Msg came up each time I booted - ALCXMNTR.EXE - Application error - The application failed to initialize properly. When I ran OTL that ERR mssg went away. I have done a lot of searching on this topic, and there are some who think that a rogue version of ALCXMNTR.EXE could be causing sound/other problems. Could you please explain why you included that code & what it did? Also, do you believe I could have had a rogue ver of that file?

[3] I have read that a typical virus scan will catch only about 70% of the bad guys. For this reason, I would like to use an additional 2-3 virus scans. I realize that I should not have more than one active scanner installed on my computer. I had the free version of BitDefender on my computer, but removed it per your request. I thought the Free ver of BD was not active - but I guess I was wrong. I currently have Kaspersky Internet Security 2010 & Malwarebytes on my computer. What 2-3 additional Virus scans would you recommend I use. I would strongly prefer something I could start by clicking on an icon on my desktop. The online scans are inconvenient & usually take a long time to run - & I probably would not use them faithfully. I am confused with all the free anti-malware programs out there - which are active & should not be used with my Kaspersky - and those which are passive & would be ok to download. It seems like the trend over the past few years is to make everything active.

Thanks in advance for your help.

Regards,

Jerry

Edited by Jerry23, 03 December 2009 - 11:38 AM.

  • 0



#41
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I am very concerned with the ALCXMNTR.EXE file because, when I first lost my sound, an ERR Msg came up each time I booted - ALCXMNTR.EXE - Application error - The application failed to initialize properly.


See this link:

http://www.systemloo...ch=ALCXMNTR.EXE

When we fixed that it just disconnected that function from the register so that the spyware part of Realtek doesn't work. It shouldn't change anything else i.e. your program should still run as before.

[resethosts]<<<<


Resets the HOSTS file to the default setting. I included that because of your IE problems just in case something in the hosts file was interfering. Shouldn't have caused the symptoms you are describing. In fact ComboFix does the same thing when it is run.

I downloaded & ran the MVPS HOSTS File program. Since that time, I have been having problems with my IE 'back' button. I sometimes have to hit it 2-3 times before the page actually moves back. Do you have a "magic fix" for that? IF not, how would I restore my original HOSTS file? Do you think that would help?


Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

I have read that a typical virus scan will catch only about 70% of the bad guys. For this reason, I would like to use an additional 2-3 virus scans. I realize that I should not have more than one active scanner installed on my computer. I had the free version of BitDefender on my computer, but removed it per your request. I thought the Free ver of BD was not active - but I guess I was wrong. I currently have Kaspersky Internet Security 2010 & Malwarebytes on my computer. What 2-3 additional Virus scans would you recommend I use. I would strongly prefer something I could start by clicking on an icon on my desktop. The online scans are inconvenient & usually take a long time to run - & I probably would not use them faithfully. I am confused with all the free anti-malware programs out there - which are active & should not be used with my Kaspersky - and those which are passive & would be ok to download. It seems like the trend over the past few years is to make everything active.


While you may download another AV and not enable it, nowadays, as long as it is installed, part of it will most likely be active deep down. This is why sometimes when people disable their anti-virus program they still have problems running some of our tools. Even in Safe Mode these programs are still running from bootup at the deepest levels of your computer.

If it were me I would run an on line virus scan every now and then. That way you won't run the very real risk of conflict.

I am curious as to what time it is down under, compared to here.


At time of posting it is 8:30am on the morning of Friday the 4th of December. As you know it will depend on where you reside in the United States as to how far behind us you are. At the moment we have daylight saving of 1 hour in place so the time difference will change when our winter comes along. :)
  • 0
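
Added example, not from the thread: the posts above describe a blocklist HOSTS file whose entries point at 127.0.0.1, and resetting HOSTS to its default. This Python sketch audits a HOSTS file by separating the default localhost entry, blocklist-style entries, and entries that map a name to some other address, which are the ones worth a closer look. The sample file, its hostnames and the category names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a default entry, two blocklist-style entries, one entry
# pointing at a non-local (documentation-range) address, and one bad line.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
127.0.0.1       ads.example.com      # blocklist entry
0.0.0.0         tracker.example.net
203.0.113.10    update.example.org
not-an-address  broken.example.com
"""


def parse_hosts(text):
    """Yield (line_no, address_text, address_or_None, names) per entry line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None                    # first field is not an IP address
        yield line_no, fields[0], address, fields[1:]


def classify(address, name):
    """Label one address/hostname pair."""
    if address is None:
        return "malformed"
    local = address.is_loopback or address.is_unspecified
    if local and name.lower() == "localhost":
        return "default"      # the entry a stock HOSTS file carries
    if local:
        return "blocked"      # name sent to the local machine, as blocklists do
    return "redirected"       # name pinned to another address: review these


def audit_hosts(text):
    """Group every hostname in a HOSTS file by the category above."""
    report = {"default": [], "blocked": [], "redirected": [], "malformed": []}
    for line_no, address_text, address, names in parse_hosts(text):
        if not names:         # an address with no hostname after it
            report["malformed"].append((line_no, address_text, "<no hostname>"))
            continue
        for name in names:
            report[classify(address, name)].append((line_no, address_text, name))
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind}: {entries}")
```

On Windows the file lives at `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.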

#42
Jerry23

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

I ran the HostsXpert 4.2 - Hosts File Manager & my problem went away!!!! :) Thanks again. It was particularly annoying because it happened with every E-mail I opened. It took 2-3 back clicks to get back to the previous page. If you look at the bar at the bottom of the screen, each time I hit the back button, it looked like something was happening, but nothing happened on the page. I saw a 127.0.0.1, for a second, in the lower bar each time I hit back.

I know I am asking for a lot, but is there anyway I can get the additional protection of the MVPS HOSTS File program HOSTS file, without getting the problem I was having?

Regards,

Jerry
  • 0

#43
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I know I am asking for a lot, but is there anyway I can get the additional protection of the MVPS HOSTS File program HOSTS file, without getting the problem I was having?


This is what I have on my computer.

Spybot Search & Destroy

Go to the link below for help installing Spybot Search & Destroy.

http://www.bleepingc...tutorial43.html

For what you want make sure the Immunize function is enabled.
  • 0

#44
Jerry23

  • Topic Starter
  • Member
  • 44 posts
Hi Emerald,

Thanks for the info & the link for Spybot Search & Destroy. The Immunize function, Resident SD Helper, & Resident Tea Timer look especially helpful. But before I download it, would you please comment on what we were talking about yesterday - possible conflict with my Kaspersky?

That is a great site - found it a couple days ago. Lots of great info on stuff like this. While I was there, I read up on Spyware Blaster, IObit, & Ad-Aware. Spyware blaster looks particularly helpful to prevent IE attacks - kind of a Spybot on steroids. IObit 360 [5* at CNET]also sounds interesting - found this.

>>>>>IObit Security 360 can work with your antivirus for a superior PC security.<<<<<

Please comment on these 3 programs as to potential conflicts with Kaspersky & effectiveness. Thanks.


Do you think it would be safe for me to dl & use these programs?

I used to use Spybot & Ad-Aware many years ago, but stopped. They had a lot of false positives & listed the same cookies time after time. I was also using Avast, AVG & a free firewall. I got in trouble using the free programs. Also, they were a lot of work - updating & running individually - Plus potential conflicts. That is why I decided to switch to Paid Security Suites - A lot less work, more effective.

Spybot & Ad-Aware seem to have really grown up. They do a lot more than they used to.

I still use Malwarebytes. I ran into a problem, using the Trend Micro IE suite a year + ago, TM could not find it. Malwarebytes found 4 trojans & removed them - problem gone. I see most of the forums and IE advice still seem to prefer & recommend only the Free programs.

Regards,

Jerry

Edited by Jerry23, 04 December 2009 - 12:31 PM.

  • 0

#45
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

But before I download it, would you please comment on what we were talking about yesterday - possible conflict with my Kaspersky?


Shouldn't do... one of the reasons I recommend it. Spybot Search & Destroy doesn't conflict with anything on my machine although I don't have Kaspersky.

IObit


IObit have been caught stealing code from Malwarebytes; see links below:

http://malwarebytes....ctual-property/

http://www.geekstogo...-the-truth-lie/

I wouldn't have confidence in a company that does that.

I read up on Spyware Blaster


Another good program that I used to recommend. Used to (may still do) work on Windows 9x machines so was one that could be recommended to people with older computers.

Haven't used it recently but I don't think it would conflict with Kaspersky. Up to you really. Probably better to only have one of those two though.

They had a lot of false positives


Something you need to be aware of with any anti-malware program. Some are worse than others though lol.
  • 0





