Rangerland Forum Information

[BaHa]

So, my mother dusted her keyboard (PC), and now, although the computer turns on--yes, she turns it off at night--the monitor does not. She claims that she was dusting the right side of the keyboard when it happened. Because I know how to do terribly complicated things like, oh, scanning, she thinks I can tell her how to fix this. Help!

[The Fast Choker]

So, my mother dusted her keyboard (PC), and now, although the computer turns on--yes, she turns it off at night--the monitor does not. She claims that she was dusting the right side of the keyboard when it happened. Because I know how to do terribly complicated things like, oh, scanning, she thinks I can tell her how to fix this. Help!

Does the monitor get a standby light (yellow/orange instead of green), or nothing at all? If nothing at all, obviously check the power connections to the monitor.

If you get the standby:

1. Cycle through the input selections (it's usually its own button on the monitor), she may have hit it and now it's on the wrong one.
2. Press some keys on the keyboard, it's possible the computer is in standby, even though it looks "on".
3. Power the computer off via the power button on the computer, then power it back on. (sometimes needed if it won't wake up from standby)

Those are the more common situations I run into.

[Rick91981]

Very well could have pressed the sleep button on the keyboard. Press it again to wake it up. (looks like a crescent moon). Check that the power cable is in nice and tight. Also possible the monitor just died and needs replacement. Is there any sort of lights on the monitor at all?

[BoomStrakaLaka]

Malwarebytes always autosaves the log file. No need to manually save it. Whenever the scan finishes and it prompts you for a reboot, do so immediately otherwise it may not effectively remove the spyware it finds.

Try to use SAS portable if nothing else can run.

Thanks for the suggestion, Rick. Although SAS portable didn't take care of the problem right away, it seemed to get me started towards getting rid of a lot of bad things. I was able to install MBAM and the full version of SAS. Now I'm in the process of letting Anti-Vir get its first full scan.

I don't think I've got rid of everything, since Anti-Vir wasnt able to install updates, so I dont think everything is back to normal.

Two questions:

1) Why is svchost.exe taking up so much RAM? I'm talking >85%.
2) Do you know of any good free firewall software? I use Kerio, but I'm not sure if its available for download. My friend's parents aren't tech savvy at all, so I'm looking for the most user friendly option.

Thank you.

[Rick91981]

Thanks for the suggestion, Rick. Although SAS portable didn't take care of the problem right away, it seemed to get me started towards getting rid of a lot of bad things. I was able to install MBAM and the full version of SAS. Now I'm in the process of letting Anti-Vir get its first full scan.

I don't think I've got rid of everything, since Anti-Vir wasnt able to install updates, so I dont think everything is back to normal.

Two questions:

1) Why is svchost.exe taking up so much RAM? I'm talking >85%.
2) Do you know of any good free firewall software? I use Kerio, but I'm not sure if its available for download. My friend's parents aren't tech savvy at all, so I'm looking for the most user friendly option.

Thank you.

svchost is hard to say as it could be any number of things using it up. If you use a program called process explorer you might be able to find out exactly whats running but it could be a little confusing using the program.

As for firewall software the one built into windows is all you need. no need to have extra crap running.

[rightbug]

The Case Of The Disappearing Drive

So, my new computer, running Windows 7.

I was happy to find that I had backed up my photos and music recently before the old PC died. The backup drive is a 750GB Seagate drive that I bought back in July. After setting up my new PC I powered it back down, installed the backup drive and fired it back up. The drive was there and in good health. I moved all of my music and photos to the hard drive and I setup Windows 7 to do automatic backups to the backup drive.

Last night I got notification that the backup failed because it could not find the e: drive. Odd. I rebooted. Nothing. Tonight I powered everything down, opened it back up, unplugged and replugged the backup drive and powered backup. 'Still not there.

It would be annoying and odd if the relatively new drive died two days after installing it. It ran for over a month with no trouble in the old PC. I'm hoping that Windows just can't see it for some reason?

[rightbug]

Wow -- Messed up. I just tried to have Windows search for new devices and it caused an instant reboot. That can't be good.

[Rick91981]

The Case Of The Disappearing Drive

So, my new computer, running Windows 7.

I was happy to find that I had backed up my photos and music recently before the old PC died. The backup drive is a 750GB Seagate drive that I bought back in July. After setting up my new PC I powered it back down, installed the backup drive and fired it back up. The drive was there and in good health. I moved all of my music and photos to the hard drive and I setup Windows 7 to do automatic backups to the backup drive.

Last night I got notification that the backup failed because it could not find the e: drive. Odd. I rebooted. Nothing. Tonight I powered everything down, opened it back up, unplugged and replugged the backup drive and powered backup. 'Still not there.

It would be annoying and odd if the relatively new drive died two days after installing it. It ran for over a month with no trouble in the old PC. I'm hoping that Windows just can't see it for some reason?

Sometimes there is a drive letter conflict that causes a drive not to show. Most common with flash drives but happens with hard drives as well. Right click on computer and choose manage. (If UAC prompts you to allow it click allow). On the left hand side choose disk management. Does the drive show up there? If so, what does it say? Such as healthy, primary, unallocated. If it says healthy and or primary you are in good shape. Right click on the drive and choose the option for change drive letter and paths and then in the window that comes up click change. Pick a new drive letter and click ok. Click OK again. Now are you able to see the drive?

Wow -- Messed up. I just tried to have Windows search for new devices and it caused an instant reboot. That can't be good.

Could be an iffy driver or something. Windows will reboot upon major errors instead of going to a BSOD by default. If you look in C:\Windows\Minidump there will likely be a small dump file (or several. the string of numbers in the filename will represent a date of when it happened) with information on the error. If you want to post it I can see what I can decipher from it. Sometimes the info is useful, other times it isn't. You could also just chalk it up to being a fluke and ignore it unless it keeps happening.

[rightbug]

Sometimes there is a drive letter conflict that causes a drive not to show. Most common with flash drives but happens with hard drives as well. Right click on computer and choose manage. (If UAC prompts you to allow it click allow). On the left hand side choose disk management. Does the drive show up there? If so, what does it say? Such as healthy, primary, unallocated. If it says healthy and or primary you are in good shape. Right click on the drive and choose the option for change drive letter and paths and then in the window that comes up click change. Pick a new drive letter and click ok. Click OK again. Now are you able to see the drive?

Disk management does not see the drive.

I downloaded Seatools and it also does not detect the drive.

Googling around I see many people have had variations of this problem but usually after the computer goes into sleep mode and a reboot tends to fix it. There is a Hotfix for this but it doesn't seem to apply. I've found other people discussing a scenario closer to mine but no solutions for them yet. Based on what I have read I set the power settings for hard drives to 99999 seconds, just in case that's wht caused the drive to disappear. Now, to get it back...

Could be an iffy driver or something.

Yes -- A lot of people are recommending checking for updated SATA drivers. I will google it but maybe you can tell me quickly how best to update my SATA drivers.

Windows will reboot upon major errors instead of going to a BSOD by default. If you look in C:\Windows\Minidump there will likely be a small dump file (or several. the string of numbers in the filename will represent a date of when it happened) with information on the error. If you want to post it I can see what I can decipher from it. Sometimes the info is useful, other times it isn't. You could also just chalk it up to being a fluke and ignore it unless it keeps happening.

Here's the dump info, read using AppCrashView:

Version=1
EventType=BlueScreen
EventTime=129325201281428657
ReportType=4
Consent=1
UploadTime=129325201348384762
ReportIdentifier=130e08f0-e089-11df-8bbb-00262dd21977
IntegratorReportIdentifier=102510-14102-01
Response.type=4
Response.AnalysisBucket=X64_0xD1_athrx!OS_FREE_TIMER+17
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7600.2.0.0.768.3
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
UI[2]=C:\Windows\system32\wer.dll
UI[3]=Windows has recovered from an unexpected shutdown
UI[4]=Windows can check online for a solution to the problem.
UI[5]=&Check for solution
UI[6]=&Check later
UI[7]=Cancel
UI[8]=Windows has recovered from an unexpected shutdown
UI[9]=A problem caused Windows to stop working correctly. Windows will notify you if a solution is available.
UI[10]=Close
Sec[0].Key=BCCode
Sec[0].Value=d1
Sec[1].Key=BCP1
Sec[1].Value=0000000000000010
Sec[2].Key=BCP2
Sec[2].Value=0000000000000002
Sec[3].Key=BCP3
Sec[3].Value=0000000000000000
Sec[4].Key=BCP4
Sec[4].Value=FFFFF880014F05D6
Sec[5].Key=OS Version
Sec[5].Value=6_1_7600
Sec[6].Key=Service Pack
Sec[6].Value=0_0
Sec[7].Key=Product
Sec[7].Value=768_1
State[0].Key=Transport.DoneStage1
State[0].Value=1
State[1].Key=CA
State[1].Value=1
State[2].Key=BLOB
State[2].Value=CHKSUM=30EAC9C689BC799DD042BC80B228813D;BID=OCATAG;ID=7efd04ae-2d24-4491-9866-2650a73ad9a6;SUB=10//25//2010 3:42:18 PM
File[0].CabName=102510-14102-01.dmp
File[0].Path=102510-14102-01.dmp
File[0].Flags=851970
File[0].Type=2
File[0].Original.Path=C:\Windows\Minidump\102510-14102-01.dmp
File[1].CabName=sysdata.xml
File[1].Path=WER-29593-0.sysdata.xml
File[1].Flags=851970
File[1].Type=5
File[1].Original.Path=C:\Users\Cliff\AppData\Local\Temp\WER-29593-0.sysdata.xml
File[2].CabName=WERInternalMetadata.xml
File[2].Path=WERB192.tmp.WERInternalMetadata.xml
File[2].Flags=589827
File[2].Type=5
File[2].Original.Path=C:\Users\Cliff\AppData\Local\Temp\WERB192.tmp.WERInternalMetadata.xml
File[3].CabName=Report.cab
File[3].Path=Report.cab
File[3].Flags=196608
File[3].Type=7
File[3].Original.Path=Report.cab
FriendlyEventName=Shut down unexpectedly
ConsentKey=BlueScreen
AppName=Windows
AppPath=C:\Windows\System32\WerFault.exe


I may try to recreat the problem now.

[rightbug]

I can't replicate the reboot so that may be a red-herring

This post has been edited by rightbug: Oct 25 2010, 06:56 PM

[Rick91981]

Disk management does not see the drive.

I downloaded Seatools and it also does not detect the drive.

Googling around I see many people have had variations of this problem but usually after the computer goes into sleep mode and a reboot tends to fix it. There is a Hotfix for this but it doesn't seem to apply. I've found other people discussing a scenario closer to mine but no solutions for them yet. Based on what I have read I set the power settings for hard drives to 99999 seconds, just in case that's wht caused the drive to disappear. Now, to get it back...

Try a different USB cable if you have it. It could be something as simple as that. Or even a different USB port on the back of the computer. Do not connect it to a front USB port as those typically are not powered ports.

Yes -- A lot of people are recommending checking for updated SATA drivers. I will google it but maybe you can tell me quickly how best to update my SATA drivers.

It is typically just a matter of double clicking an .exe file just like normal software. The specific driver needed will vary dependent on the hardware config. Go to the manufacturers website and choose the correct computer model and it should offer you downloads. Find SATA in the list and get the most current version.

Here's the dump info, read using AppCrashView:

...........
.......
....

I may try to recreat the problem now.

This file is the one I am reffering to. File[0].Original.Path=C:\Windows\Minidump\102510-14102-01.dmp

MS has a tool that will let me read the info in that file (no personally identifiable info is contained in it) and it may help determine a cause.

[Rick91981]

I can't replicate the reboot so that may be a red-herring

Good. Then I would chalk it up to a fluke and not worry about it unless the problem re-occurs.

[rightbug]

Try a different USB cable if you have it. It could be something as simple as that. Or even a different USB port on the back of the computer. Do not connect it to a front USB port as those typically are not powered ports.

It's actually an internal drive. I mounted it as a slave drive. It was fine for the first day, during which time I copied all of my music back to the primary hard drive.

It is typically just a matter of double clicking an .exe file just like normal software. The specific driver needed will vary dependent on the hardware config. Go to the manufacturers website and choose the correct computer model and it should offer you downloads. Find SATA in the list and get the most current version.

Thanks -- I'll try that next.

[Rick91981]

It's actually an internal drive. I mounted it as a slave drive. It was fine for the first day, during which time I copied all of my music back to the primary hard drive.

Oh ok I guess I was misunderstanding. I had the impression it was an external. You say you mounted it as a slave drive...that implies it is IDE and not SATA correct? If it is IDE, it should have a jumper on the back of the drive to select between master slave and cable select. Some drives are picky with their settings. I have encountered drives that only want to be a master. Also ones that will work as a slave if you have the jumper to cable select and not slave, or vice versa.

I would also check the cable. For a harddrive you would want an 80 wire IDE cable, not a 40 wire.

Are you comfortable going into the BIOS to see if the drive is recognized there?

[rightbug]

Oh ok I guess I was misunderstanding. I had the impression it was an external. You say you mounted it as a slave drive...that implies it is IDE and not SATA correct? If it is IDE, it should have a jumper on the back of the drive to select between master slave and cable select. Some drives are picky with their settings. I have encountered drives that only want to be a master. Also ones that will work as a slave if you have the jumper to cable select and not slave, or vice versa.

I would also check the cable. For a harddrive you would want an 80 wire IDE cable, not a 40 wire.

Are you comfortable going into the BIOS to see if the drive is recognized there?

Sorry, I mis-spoke when I said I mounted it as a slave. It is SATA. I guess the power cable has two pins on it but each drive has it's own SATA control cable. (I'm used to IDE setups so I assumed the wide cable with two pin locations was the controller and the small cable was the power.) I'm going to try swapping the SATA control cable out tonight, though maybe it's the power? It's sort of behaving like it's the power but being on the same cable as the c: drive you'd think it would be okay. (Actually, maybe that's a terrible assumption.)

I'll also check the BIOS. Normally I'm comfortable doing that but with a brand new computer that is otherwise working great, I'm a little nervous even looking at the BIOS for fear of accidentally changing something

[Rick91981]

Sorry, I mis-spoke when I said I mounted it as a slave. It is SATA. I guess the power cable has two pins on it but each drive has it's own SATA control cable. (I'm used to IDE setups so I assumed the wide cable with two pin locations was the controller and the small cable was the power.) I'm going to try swapping the SATA control cable out tonight, though maybe it's the power? It's sort of behaving like it's the power but being on the same cable as the c: drive you'd think it would be okay. (Actually, maybe that's a terrible assumption.)

I'll also check the BIOS. Normally I'm comfortable doing that but with a brand new computer that is otherwise working great, I'm a little nervous even looking at the BIOS for fear of accidentally changing something

Definitely try giving it a dedicated power cable. It is possible that the power supply is underpowered and the line isn't putting out enough juice to properly power everything. Using a different cable, you may luck out and have it on a different "rail" and it can supply proper power. If it does turn out to be power related and your power supply just does not put out enough juice, you can always buy a cheap enclosure and convert it to an external drive with its own dedicated power.

If you have been comfortable navigating a BIOS in the past then don't fear the new one. It is pretty hard to change a setting by mistake. The biggest problem is going in there changing things on purpose, but that you aren't really sure what the setting does. It will vary depending on the BIOS make and version you have, but once into the BIOS there should be a section for devices, or similar where you can see a list of attached drives. See if the drive shows up in the list. If it does then the machine recognizes it but Windows does not. If it does not show up in the BIOS, then your machine does not recognize it and it could be either power, cable, or drive related.

[rightbug]

If it does not show up in the BIOS, then your machine does not recognize it and it could be either power, cable, or drive related.

So this did turn out to be the drive. On the one hand, infuriating as I just bought it at the end of July. It's also the third Seagate drive I've had die in the last six months. On the other hand, I managed to get all of my music and photos off of the drive in the 24 hours between getting my new computer and the drive dieing so I feel fortunately there. I shipped it back to Seagate today for a new one.

[Rick91981]

Seagate

Well that's your problem right there. I have had nothing but bad experiences with them. Maxtor used to be my go to drive until Seagate bought and ruined them. Only drive I would buy now is a Western Digital. Their Caviar line is pretty solid. As a data drive look for a Caviar Green. For a boot drive, get a Caviar Black.

[Lester Patrick]

I have a photoshop CS4 question for anyone who's better at it than I am. I have a class project where we put several images into a photo. I then have to use it for my portfolio on a website using dreamweaver. When I look at the photo on the browser, the photo bottom starts about halfway up the screen and the top is cut off. I went to photoshop to move the photo down the screen and do another 'save for web and devices', but I don't see how to do that. When looking at the rulers on the side and top, the top left corner of the photo begins at 0 and 0. This is happening in explorer, firefox and chrome. Anybody have an idea as to how to solve this? Thanks.

[Rick91981]

Hard to say what exactly is going on. Would it be possible to post the psd file?

[Lester Patrick]

Thanks Rick, I figured it out. For some reason, it didn't like some of my code.

[Rick91981]

OK Glad you got it sorted.

[rightbug]

Well that's your problem right there. I have had nothing but bad experiences with them. Maxtor used to be my go to drive until Seagate bought and ruined them. Only drive I would buy now is a Western Digital. Their Caviar line is pretty solid. As a data drive look for a Caviar Green. For a boot drive, get a Caviar Black.

See, I've always had nothing but good experiences with Seagate until now. And they are replacing the drive for free! And, by contrast, I stopped using Maxtors years ago after having two die on me in a short period of time. I'll definitely check out Western Digital next time around though.

[Rick91981]

See, I've always had nothing but good experiences with Seagate until now. And they are replacing the drive for free! And, by contrast, I stopped using Maxtors years ago after having two die on me in a short period of time. I'll definitely check out Western Digital next time around though.

Every Seagate I have ever owned (3) has had one problem or another. Glad they are replacing it, but don't trust it with vital data. Never had a problem with a Maxtor and had 7 or 8 of them over the last 10 yrs. I have seen WD drives die but they were older models, the Caviar line is solid.

As far as storage of anything that is truly important, use an online backup such as mozy or carbonite. I use Mozy (free for up to 2GB space) and have never had issue. No personal experience with carbonite but i have heard good things.

[BoomStrakaLaka]

Been having a lot of trouble with a PC. Almost a month ago, this PC was severely infected with a virus that called itself Antivirus8. I thought I had gotten rid of all the infections. There were times when I couldnt go to the Windows Update website, as the infection seemed to block me from getting there. I had that problem fixed, and now it has returned.

I am wondering if it is related to another issue I have with the PC. I have seen the following error several times: "generic host process for win32 services has encountered a problem and needs to close". Also, svchost.exe will take up nearly 100% of the CPU for long periods of time.

If possible, I could really use some help with this.

[Rick91981]

Been having a lot of trouble with a PC. Almost a month ago, this PC was severely infected with a virus that called itself Antivirus8. I thought I had gotten rid of all the infections. There were times when I couldnt go to the Windows Update website, as the infection seemed to block me from getting there. I had that problem fixed, and now it has returned.

I am wondering if it is related to another issue I have with the PC. I have seen the following error several times: "generic host process for win32 services has encountered a problem and needs to close". Also, svchost.exe will take up nearly 100% of the CPU for long periods of time.

If possible, I could really use some help with this.

Sounds like there is still some spyware on the machine. I would run the usual scans of malwarebytes, superantispyware,and remove fake antivirus(start with this one). See where that gets you. You could also post a log from Hijackthis(2.0.4 is the newest version).

[BoomStrakaLaka]

Rick, thanks for your help as always. The PC is definitely still infected, as the browser (FF or IE) redirects me every time I click on a search result. I was able to arrive here after typing rangerland.net into the address bar.

MBAM and SASW found nothing (SASW actually found a bunch of cookies). My AVG scan also found nothing. I am going to run Spybot, but first wanted to post my HJT log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:31:35 PM, on 11/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\Program Files\Emsisoft\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1125946752\ee\AOLSoftware.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Emsisoft\Online Armor\oaui.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125946752\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-692574358-2411448291-2996467416-1005\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-692574358-2411448291-2996467416-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-692574358-2411448291-2996467416-1005\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG

[Bleedin-Blue]

I transferred a bunch of files from my old computer via the Windows Easy Transfer but now all the sites I go to seem to be stuck on the basic text view without any images visible. How can I fix this?

[Rick91981]

Rick, thanks for your help as always. The PC is definitely still infected, as the browser (FF or IE) redirects me every time I click on a search result. I was able to arrive here after typing rangerland.net into the address bar.

MBAM and SASW found nothing (SASW actually found a bunch of cookies). My AVG scan also found nothing. I am going to run Spybot, but first wanted to post my HJT log.

{log file}

Log file doesn't look bad. I would recommend getting rid of AVG and putting on Ms Security Essentials and run a full scan with that. As far as the redirects on the internet that sounds like your hosts file is infected. Depending on your version of windows the location varies but look at c:windows\system32\drivers\etc and look for the hosts file. Double click to open it and when prompted what to open it with choose notepad. Shouldnt be much more than just 127.0.0.1 localhost in there. If there is delete everything else and save the file.

[Rick91981]

I transferred a bunch of files from my old computer via the Windows Easy Transfer but now all the sites I go to seem to be stuck on the basic text view without any images visible. How can I fix this?

Didn't I warn you about a month ago to just use an external hard drive?


And I'm going to need more info than that. What browser? What did you transfer? What version of Windows?

[Bleedin-Blue]

Firefox, music and video files and Windows 7.

I moved everything into the folder that is transferred automatically so I didn't really screw with anything beyond that.

This is what it looks like for me.

[Rick91981]

Firefox, music and video files and Windows 7.

I moved everything into the folder that is transferred automatically so I didn't really screw with anything beyond that.

This is what it looks like for me.

OK now I can see what you mean. First off, do you have adblock installed on there? 90% of the time when I see that happen it is due to an overagrressive case of adblock filters.

You could also try deleting the cookies, cache, and temp files and see if that helps.

[Bleedin-Blue]

Please elaborate for my dumb ass.

[Rick91981]

Easiest way to clear the cache etc is to use ATF Cleaner. Make sure you click the firefox tab to clear the firefox cache.

As far as adblock, youll know if you have it installed by going to tools menu and then addons and see if it is in there. If it is, disable it then try going to a website. if all is well then we know what the issue is.

Also try it in IE and see if the problem is localized to FF. It is possible the profile is corrupt and we need to create a new one.

[Bleedin-Blue]

Everything works on IE but I don't know what I'm looking for on the add-on page. Which tab do I look in? Plugins?

[Rick91981]

Everything works on IE but I don't know what I'm looking for on the add-on page. Which tab do I look in? Plugins?

The Extentions part of it. See if adblock is on the list.

[Bleedin-Blue]

Nope. Java Console and Java Console

[Rick91981]

OK I would create a new FF profile. Write these instructions down(or just go to the forum in IE).

1) Close FF
2) Click the start menu
3) Click Run
4) In the box that comes up type in firefox -p and hit enter.
5) Click create new profile
6) Name new profile anything you want
7) Click finish

[Bleedin-Blue]

Does Windows 7 have a 'Run' link? I don't see one in my Start menu.

[Rick91981]

Does Windows 7 have a 'Run' link? I don't see one in my Start menu.

Press the Windows key and r at the same time

[Bleedin-Blue]

Nice. Thanks Rick. Is there any way to restore all my tabs and bookmarks though?

[Rick91981]

Nice. Thanks Rick. Is there any way to restore all my tabs and bookmarks though?

Go back into the old profile and export the bookmarks. You can also drill down into the Application Data folders and find it that way. But if you aren't familiar with those system folders it is easier to go into the old profile.

go back to run and type firefox -p again. When the window comes up double click the OLD profile and FF will open up into the old one. Go to the bookmarks menu and then choose organize bookmarks. choose the backup and import button. Choose backup. Save the file to your desktop.

Close FF and now open it again using the run firefox -p and choose the NEW profile. go back to bookmarks menu and back to organize. This time choose import and choose the file you saved to the desktop.

Now all bookmarks should be back.

[Bleedin-Blue]

When I choose Import, the file doesn't show up as an html file.

[Rick91981]

When I choose Import, the file doesn't show up as an html file.

Sorry, meant to say choose the restore option

[Bleedin-Blue]

It's telling me that the file is an unsupported content type.

[Sed]

OK now I can see what you mean. First off, do you have adblock installed on there? 90% of the time when I see that happen it is due to an overagrressive case of adblock filters.

You could also try deleting the cookies, cache, and temp files and see if that helps.

Sometimes I have the same issue that Blue posted there - usually running ATFCleaner does the trick, or on some occasions rebooting has fixed it. In fact, just had to fight this on Saturday after an afternoon-long battle with SecurityTool. First time I think that I've ever had a problem bad enough where I had to boot in safe mode. Took both SuperAntiSpyware and Malwarebytes to kill it off.

[Rick91981]

It's telling me that the file is an unsupported content type.

Interesting. It saved it as a .json file and still doesnt like it?

Try going back to the old profile and exporting it as an html then import it as html. Maybe it is being picky for some reason.

[Rick91981]

Sometimes I have the same issue that Blue posted there - usually running ATFCleaner does the trick, or on some occasions rebooting has fixed it. In fact, just had to fight this on Saturday after an afternoon-long battle with SecurityTool. First time I think that I've ever had a problem bad enough where I had to boot in safe mode. Took both SuperAntiSpyware and Malwarebytes to kill it off.

You definitely were looking in the right place for removal. Bleepingcomputer.net is one of the best places to get malware help. They are loaded with good information.

[Sed]

You definitely were looking in the right place for removal. Bleepingcomputer.net is one of the best places to get malware help. They are loaded with good information.

Yeah, they made it a relatively painless - if time-consuming - process. Fortunately, I also had my laptop and a spare thumb drive at home, as it was necessary to download the portable version of SuperAntiSpyware and run it off of the thumb drive; SecurityTools totally blocked out MalWareBytes on me until after I ran SuperAntiSpyware.

[Bleedin-Blue]

Yay fixed. Thanks Rick.