Hi,
have a dell 600m laptop with windows xp sp3 and it keeps crashing with fatal error but when i go into safe mode its ok. Triied using system restore but no restore points available. If it works ok in safe mode, is it most likely a device driver? I had installed avg v8.5 recently and this is around time it crashed. Wanted to know best way to isolate which driver or program is causing the fatal error. Also, i used diagnostic startup to load only basic drivers but still crashed. Any ideas?
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Blue screens are usually conflicts in memory access where a couple of different programs want the same area of memory at the same time.
Uninstall AVG. You can always put it back on again later if this doesn't help.
Make sure you run the PC for a couple of clean boots after the uninstall.
Hope this helps you.
Deb
Hi,
i uninstalled avg but still crashed. I am trying to do a repair now on xp system files using xp cd. After that will try and see if i can log in normally. Like i said, the fact that safe mode runs pretty well means there must be some driver or software conflict. Noticed my wireless and embedded lan adapters are also not working.
When are they not working in regular mode or in safe mode? If its in safe mode they wont work unless you go into safemode with networking. If its regular mode go into safe mode with networking and see if it still crashes. Since it doesnt do it in safe mode I would look toward a video or lan driver if it is a driver but it really would help if you shared with us what the blue screen says on it. If safe mode with networking crashes uninstall your ethernet driver and reinstall a new one if that doesnt fix it go for the wireless driver. Once again if it would really help to know what the bluescreen is saying but thats where i would start with the symptoms you described.
Hi,
Just finished running the repair using xp home cd and it worked. Only problem is that prior to repair when i couldn't get into windows normal mode, it was on xp sp3. Now it is on sp2 since the cd i used is sp2. Everything looks ok for now but would there be an issue you think with this situation. I can just reapply the sp3. Actually, this is not my laptop. It is a friends and she uses it for work so probably her techs installed it for her but i will advise her to tell them to reapply. I also had gone into safe mode prior to this repair using networking and both wireless and lan adapters had "status" selection grayed out under adapter properties so maybe it had corrupted system files and repair fixed it. thanks for the help and let me know what you think about the sp3 issue.
If there's a Stop error, this article will help>
http://aumha.org/a/stop.ht
You could check to see if the Minidumps are enabled>
http://www.cakewalk.com/Su
If the laptop is crashing before Windows has a chance to produce a crash dump, could conceivably be a Hard disk problem.
Hi,
after running avg free antivirus once, it discovered 12 trojans which it deleted and then i reran this morning and left laptop running but when i got back just now, the fatal error came up again. It is stop: c000021a the windows logon process system process terminated unexpectedly with a status of f 0x00000000 (0x00000000 0x00000000). Any ideas? Also, not sure what you mean about the mini dump. Thanks in advance.
Referring to the Minidumps, they are normally located in c:\windows\minidump\
or %systemroot%\minidump\
Can you paste the latest dump(s) in the "Attach Code Snippet" box.
You'll need to rename single minidumps first with a .txt extension. If you have more than one you can zip them before attaching.
You may need to disable auto restart:
Right click My Computer > Properties > Advanced > Startup and Recovery Settings and uncheck Automatically Restart.
If you see no minidump this may help>
Enable Minidump's in Windows XP:
http://www.cakewalk.com/Su
As you've already found a number of Trojans, suggest you run the following>
Download then update Malwarebytes' Anti-Malware:
http://www.malwarebytes.or
When updated, reboot into Safe Mode by selecting F8 at bootup & run a scan.
Full instructions are available, if you require.
Also ..
"Trend Micro's FREE online virus scanner":
http://housecall.trendmicr
Ideal for scanning online, using "Safe Mode with networking".
Kaspersky free online virus scanner which is a good way to find out if you have any viruses or spyware without having to uninstall your existing antivirus software>
http://www.kaspersky.co.uk
Again, did you upgrade windows ? (upgrade and not update, means change windows edtion e.g from XP SP2 to XP SP3 ...)
you might find the driver blue screen caused by here:
http://www.steveglendinnin
HI,
as i mentioned, i had tried to correct the original problem by running a repair from xp home cd and noticed that it was sp2 afterwards when original was sp3 and that's why i had asked if this would be a problem. Its possible that i had corrected the original blue screen and this is just a separate blue screen since after running the repair i was able to get in to windows normally for 1 day and then when running avg 2nd time it crashed.
The repair procedure you used could be the problem.
Did you get the "Setup cannot continue because the version of Windows on your computer is newer than the version on the CD" message ?
Scroll to this particular statement on the following link for detail. You'll see that you need to create a slipstreamed copy of your XP CD by using the software and step by steps supplied in the links given here>
How to Perform a Windows XP Repair Install:
http://www.michaelstevenst
Sorry, I just read your question and its seems to me as I never read it before.
the steps you performed when you tried to fix the problem lead to this situation.
I suggest you to perform CHKDSK which will perform in 3 stages.
- CHKDSK's activity is split into three major "stages" during which it examines all the "metadata" on the volume and an optional fourth stage. Metadata is "data about data." It is the file system overhead, so to speak, that is used to keep track of everything about all of the files on the volume. Metadata tells what allocation units make up the data for a given file, what allocation units are free, what allocation units contain bad sectors, and so on. The "contents" of a file, on the other hand, is termed "user data." NTFS protects its metadata through the use of a transaction log. User data is not so protected.
http://support.microsoft.c
this will gets your pc closer to the stable situation, if the issues still appear. the repair from XP SP3 CD will be much easer. with my wishes to you.
Best Regards
Saed Salman
That's good. If machine still running ok suggest looking for those illusive Minidumps .. then we'll have something more to go on, just in case it BSODs again.
Then perhaps next .. update & run Malwarebytes' Anti-Malware, ~and~ one or two of the other scanners .. there's no single scanner that can guarantee removing all infections(that's assuming there may still be an infection!).
Once confirmed clean, we could take a look at your System Restore, which may well have corrupted file(s).
Not for one moment am i doubting your ability, but has it been enabled? >>
http://www.pchell.com/viru
If ok, one option could be>
"The System Restore Utility May Be Suspended on a System Drive Even Though There Is Enough Disk Space":
http://support.microsoft.c
Failing that, you could try this repair>
http://windowsxp.mvps.org/
Reinstalling the System Restore program should not delete existing restore points which are stored in a hidden folder.
[Probably in C:\System Volume Information].
See >
"How to gain access to the System Volume Information folder":
http://support.microsoft.c
Until your laptop's is stable once more, perhaps it would be a good idea to hold off reinstalling avg v8.5.
Hi Jonvee,
thanks for all the advice. I downloaded and installed the malwarebytes and updated then scanned whole machine and came up clean which was good and lapotp stayed on whole night but this morning when i rebooted it crashed again with same bsod message. It references the logon process so wondering what that means but assume it is crashing right when it is about to bring up logon screen. Anyway,my problem is that i didn't send you the minidump while the laptop was working since it was running scan of malware and i fell asleep. Is there a way i can copy it from laptop in safemode so i don't have to run repair process again? Unfortunately when it is in safemode after crashing, cannot access the internet to send to you since network adapters are not working. Really curious what is causing the crash. Thanks.
>and i fell asleep< << which is what i almost did at midnight last night!
Not aware of any method of reaching a Minidump from Safe mode.
Another option may be to try to run MSCONFIG from Safe mode. Then from the SCU uncheck the Start up entries that are safe to 'disable', to see if some other application is causing the hang >>
http://netsquirrel.com/msc
Or if you prefer, you could try running the command "services.msc" (no quotes)>
http://www.blackviper.com/
Actually, laptop is a dellinspiron 600m. Also, wasn't running avg when laptop crashed. It was on all night and it crashed this morning when i went to do a reboot to test it. Right now i am in safemode and wasnted to send you the minidump file but can't since internet not accessible due to network adapters not working. Any ideas? thanksl
From your Minidump & using WinDbg, obtained this >>
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
FAILURE_BUCKET_ID: STATUS_ACCESS_VIOLATION_c0
Which refers to the file ntdll.dll
"What is ntdll.dll":
http://www.computerhope.co
So ~conceivably~ it could still be an infection.
Hi,
i actually ran antimalware again but this time in safemode and it found 18 infections most of which were trojans. It asked for reboot since some of the infections it could not delete until reboot. Will run again to see if it got rid of everything. You are probably right that the infection is causing the crashes. I also uninstalled avg free and am going to run trial version of nod32 which i heard is good antivirus. Do you still need me to send minidump file again or should i wait to see what happens after the 2 scans?
Ok, good. Then try the infamous Kaspersky, the link's above ^
Just about to post this suggestion .. >>>
.. a possible option (if you wish to try it) is to run Trend HijackThis 2.02:
http://majorgeeks.com/Tren
You could download HJT to a memory stick, transfer it to the inspiron, then try to run it in Safe mode. Even then there's no guarantee thet HijackThis will detect any possible infection(for example it doesn't necessarily see a rootkit).
Create a folder where you would like the HijackThis file to reside and run it from there, not from the Desktop or a temporary folder.
Run the scan & save the logfile. Then click the "Attach Code Snippet" box, paste the logfile into the "Code Snippet" page and then it can be analysed.
You can rename hijackthis.exe to hijackthis.com or hijackthis.bat, in an attempt to prevent any nasties stopping your programs from running.
If you're unable to proceed much further you may want to consider the final option, a reformat. Just in case you need this, further down the road>
"Clean Install Windows XP":
http://www.michaelstevenst
But 18 more infections .. phew!
Hey, your best shot, try running Combofix & ignore HijackThis for the moment.
Download ComboFix and save to your Desktop >
http://download.bleepingco
Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running, and remember to re-enable them later, upon completion.
Before using ComboFix it may be necessary to rename it before saving it to your desktop. If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick (or equivalent). Rename it and connect to the problematic machine.
Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall. It is absolutely normal for you to see a blue screen with flashing cursor, and this can last for up to 30 mins. Just let it run.
It works well in normal mode or safe mode !
i have good experience wuth MBAM :http://www.malwarebytes.o
You probably know this tutorial like the back of your hand, but just in case it's needed >
A guide and tutorial on using ComboFix:
http://www.bleepingcompute
Still wanna complete the nod32 scan and then rescan using malwarebytes again then if it comes up clean i will run xp repair one more time and see if it works. The other 3 times i ran repair, it still had infections so wasn't a good test. I don't wanna have to do clean install since this person uses laptop for work and really wants to keep settings etc. If i have to i can do a dual boot that way she can at least get her files if needed but don't know if i can do xp sp2 dual boot when original o/s is on sp3? It should work i think as long as you don't go from xp to 2000 or something like that. Will let you know and thanks again for all the good advice.
>don't wanna have to do clean install< << no problem, i fully understand & we'll do all we can to fix this machine .. it's become a challenge now !
Basically i agree with your comments on nod32 & Malwarebytes, you can't have too many good scanners 'at the ready'.
However, because of the apparant number of detected infections so far, ComboFix may well be the Tool for a final cleanup .. i'm also trying to save you another repair install.
Couldnlt run nod32 since doesn't perform install in safemode which i forgot so running trend micro housecall right now then will run the combofix as you instructed. Also, when you mentioned about the ntdll.dll file does it make sense that if this file did get corrupted that safemode would still work or does this only affect normal mode login?
When running Combo it really is important not to mouseclick Combofix's window,
it ~could ~ cause more trouble!
Incidently if after all this the issue is still unresolved, an alternative would be to remove the infected HD, connect it as 'slave' in another machine, then run ComboFix from the new machine.
Just to let you know, trendmicro will take antother 3 hours to complete since have big drive and of course remote scanning will take time as you know so will fill you in once its done and also, was thinking that even if trendmicro and combofix are able to completely clean the drive, since original infections probably already did damage to ntdll.dll file, will probably still have to do one more repair to get that file restored.
Hi,
after trendmicro cleaned the infected files(72 alttogether with spyware too), rebooted laptop and got into normal mode. Updating to xp sp3 now since it prompted me to do that for security patches anyway that way it will return her system to correct service pack prior to running repair. I will then run the nod32, reboot then run combofix, reboot then run malwarebytes then if good should be ok. Looks like virus was the culprit since it probably affected the logon process which is why it worked in safemode. Anyway, will let you know once i'm done and thanks so much again for all the help. Its more satisfying to clean the system and preserve her settings then to have to resort to clean install. But as you know i am not saying this is done till i get 3 successful reboots done and the antiviruses report 0 infections.
Ok, & good luck with the 3 reboots tonight.
Be interesting to see if the laptop starts creating new Restore points & whether System Restore is functioning again. You may wish to create restore points periodically between scanning.
Hopefully SP3 will successful, and at least you should be able to remove it if there is a problem as it's ~not~ been installed using a slipstreamed CD.
Hi,
sp3 installed ok and rebooted and so far so good. Running nod32 now and will see if that comes up clean. I actually had turned off system restore earlier this morning after the crash since i wanted to make sure that the virus was not regenerating itself using system restore even though it wasn't working properly before anyway but will turn it on after next reboot then will see if it works and can make restore points. Will try and get through the 3 reboots tonite then will turn it off and test few more times tomorrow before giving it back to my friend. It was a corportate laptop so don't know how they allowed so many infections. Its for a big well known company actually.
Just finished going through 5 reboots and looks good. Just some minor issues still. Turned on system restore but still couldn't create a restore point. Then i tried running combofix but it warned that avg and nod32 realtime scanners were on so i uninstalled nod32 and don't know why avg is being detected since i ran the uninstall utility from the nod32 website and it isn't running in the services or in task manager under processes. I decided not worth it to take a chance and run combofix since it might mess up system since i don't really need to run it coz i can already get into normal mode and infections have been cleaned with nod32 and malwarebytes. I even tried installing avg free 8.5 again but it had problem and couldn't install so i installed avast free edition and am running now. Will call it a day now and report tomorrow morning if everything still ok.
Thanks for the extensive report. As far as System Restore is concerned it may well benefit from
a System Restore reinstall, as per http://windowsxp.mvps.org/
i also understand how you feel about ComboFix .. it does present a *slight* risk to an o/s system, although it's worth running when a machine is quite heavily infected .. whereas the laptop appears to be quite clean right now.
FYI here's Superantispyware, which can be considered as complimenting Malwarebytes:
http://www.superantispywar
@ SaedSalman ... thanks, but what i meant by "i would expect Housecall to find something" was >> ..... that it would probably detect Malware and viruses, even though other scanners had actually found nothing ; )
Get into safe mode with network.
Then run autoruns obtained from www.sysinternals.com.
Now hide all the certified items from microsoft, refresh, and disable unsigned from the rest of the world.
That will let you boot.
Most likely cause is some copy=protection lowlevel driver which is not compatible with SP3
Reason for System Restore not functioning could conceivably be an infection in the _Restore folder although there shouldn't be anything in it because to my knowledge it was temporarily disabled.
If the problem still remains unresolved after using autoruns, maybe we'll have to consider running ComboFix after all.
Your ref: >glad we could solve it together< <<-- Yep, 'Teamwork' is the word that comes to mind .. it was an intriguing period : )
Hi,
just one more thing. been trying to update the definitions files for malwarebytes and even the avast and all fail referencing that maybe firewall is blocking but i turned windows firewall off. Also installed superantispyware and also fails on update. Maybe there is still infection as you mentioned. Wanna run combofix but my problem is it keeps warning about the avg scanner even though i uninstalled avg already. Is there a way to find out if avg is still running in background? I have looked at services and in processes in task manager and not much going on. Laptop is running fine though and at this point i won't even bother with system restore. thanks.
Yes, looks like some infection still remains ..
You could run Process Explorer version 11.31 to search for AVG:
http://www.microsoft.com/t
Later, you could ensure that System Restore is enabled in the registry >
Scroll to sub-heading "To enable or disable System Restore .."
Go to HKEY_LOCAL_MACHINE\SOFTWAR
If a "DisableSR" value doesn't exist, go to the Edit menu, select New, DWORD value, and create the value.
Set the value to 0 to "enable" System Restore.
Ref: http://www.kellys-korner-x
You could try running the 'Stinger' which is a utility that cleans the system of viruses, that block anti virus software.
http://vil.nai.com/vil/sti
Or see if HijackThis will run >
Trend HijackThis 2.02:
http://majorgeeks.com/Tren
You cannot check anything in normal running mode.
I suggest deinstalling all of security software in safe mode and then install some free antyspyware like Spybot S&D in networked safe mode and doing full scan and immunize while still in safe mode.
After that deinstall your avg and reinstall another AV like Antivir from free-av.com (since one failed you)
Can you post hijackthis report here for us to compare with working system (best from safe mode)?
Safe mode really is only mode when system is stable. Another way is to get some XP boot CD and do spyware scan when booted off the CD.
It is very simple API to replace normal filesystem calls with filtered ones and hide whatever spyware imaginable.
It might be useful to run specific tools for particular spyware if Spybot detects one. Ask here if it seems to be the case.
Hi Jonvee,
Just to update you, i was able to run malwarebytes and superanntispware along with avast antivirus and all came up clean in safemode. I still have problem in that i can only do the updates of definition files in safemode but in normal mode it keeps saying the firewall is blocking. Ran the sysinternals process module and doesn't show any firewall. Doesn't make sense. Any thoughts? I will still run the hijack this and post it just in case but aftere running all 3 scans and nothing detected, should be ok right? I think there is just somethin blocking the update process and my other idea is to disable startup items and see if it will allow update in diagnostic mode.
Thanks for update .. yes, detecting nothing after running all 3 scans should be ok, but i'll take a close look at HJT log & report back later.
For your Startup items presume you're using MSCONFIG .. but if you prefer, take a look at this method ... of running the command "services.msc" (no quotes)>
http://www.blackviper.com/
Still contemplating why you're getting "the firewall is blocking" messages.
From your HijackThis log these two entries appear to be the problem!
You'll find that the hujobehe.dll file is not recognised.
Assuming you do not recognise them either, *both* should be Fixed although they may well regenerate >>
O4 - HKUS\S-1-5-19\..\Run: [batuhomete] Rundll32.exe "C:\WINDOWS2\system32\hujo
O4 - HKUS\S-1-5-20\..\Run: [batuhomete] Rundll32.exe "C:\WINDOWS2\system32\hujo
You can also Fix these three with HJT, their files are missing anyway>
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-F
Then the last entry which HJT describes as 'possibly nasty'.
<quote> according to our database this process runs normally in c:\windows\! Check if you know this process and arrange a viruscheck where required<unquote>
C:\WINDOWS2\Explorer.EXE
Ok sounds good. I actually reran avast since i forgot i hadn't updated it since i had only done the other 2 in safemode but forgot avast and when i updated then ran again in safemode it found 4 trojans so far in restore folder which would make sense why system restore not working. It is 64% done but i hope it will fix those other ones you mentioned as well. Then i will run hijack this to try and get rid of them. I didn't know hijack this could clean files, i thought it only prints logfile. Good to know. Will let you know when i finish up.
You're doing ok ... but it's a bit uncanny, reading your update is like hearing my own future thoughts reflected back!
But yes, that's why the Restore isn't functioning ... after removing those Trojans we may find the _Restore folder is corrupted .. then maybe you'd want to try that SR repair procedure again to put it right.
Confirming also that HijackThis will clean/remove files .. but not all, it usually becomes a bit unstuck when faced with a rootkit, so over to "Rootkit Reveiller" or equivalent to resolve it.
Logging off now for an hour or so .. will drop by later
You have two antiviruses - AVG and avast. Deinstall both in safemode and install one. This sinister combination definetly causes problems (make sure to use "autoruns" mentioned earlier to remove their trails).
Also remove both suspect components spotted by Jonvee - google says they are very bad.
Let me suggest uninstalling all the anti-spyware (it failed you, Sir!!!!) and go with Spybot S&D or adaware
Ok hear back from you later. For now, what i did was deleted the 3 items found by avast then i removed all the items you listed in hijack this and rebooted. System restore works now so those infections did in fact affect system restore since that's the folder they resided in. Makes sense since virus doesn't want you to be able to use system restore to bring back good instance. Now i still have to deal with the updating of definitions files since that still references firewall. I will also run stinger and then finally combofix. I also had already used the services.msc command other day to see what services were running that could possibly relate to firewall as well as avg since combofix still warns a bout avg scanner. I even went through entire registry yesterday for any avg references and found a lot so deleted them and still gets identified by combofix. Do you think it is ok to go ahead and run it despite the warning since avg is not really running? Anyway i can use system restore now if it does something adverse to my system(ha ha).
One other thing i noticed jus now. All this time i have been using firefox for all the internet stuff and so i tried bringing up internet explorer and it doesn't work. Wondering if the updates are set to use internet explorere in normal mode and in safe mode it uses firefox which is why it works in one and not the other. Wiill test it and let you know.
Hi again, also just noticed that when i was trying to download stinger from a few different sites like cnet for instance, i would get redirected to another page so most likely have a hijacker infection correct? I did not get rid of that last line item relating to internet exploer so will do that and will double check the hijack this again and will post again for you to look at. thanks.
You've probably started the Combo scan by now? Just a thought, if those User documents are really valuable, we could consider removing the Harddisk & connecting as slave in a working computer .. take off the docs and THEN do a ComboFix scan in the same "working" machine .. but that's probably acedemic by now?
>internet explorer and it doesn't work< << could be we'll need to run this script ~later~ to fix your connection.
It will reinstall winsock, the TCP/IP stack, and the HOSTS file.
http://downloads.subratam.
>redirected to another page so most likely have a hijacker infection correct? < Yes.
Incidently gheist is correct when he says two antiviruses make a sinister combination that causes problems.
Hi,
away from the laptop right now and am using someone else's pc but will update you guys in about an hour when i get back. We fixed all the problems so far except this inabllity to update in normal mode so definately don't wanna do a clean install since i would have done that long ago as it is easiest method but in this case, had to keep user data and settings intact so am glad it works this well. I never had 2 antiviruses only avast since avg i had removed few days ago with avg uninstall utility from nod32 site. Problem is it keeps getting recognized by combofix even though it is not running. The system restore was still ok as well so just need to get the firewall issue fixed if indeed it is a correct message. Stinger was running when i left so will be done when i get back and will let you know what it detects. I actually downloaded it originally from cnet site but it was 2 years outdated so got latest and greatest now.
I know avg is made by grisoft but if you look at nod32 site they are one of the few if any antivirus vendors that have all of the other antivirus uninstallers for you to use such as norton,macafee,sophos,avg etc. I used this and then i also had installed avg couple of days ago the free version and used their uninstall as well and still it shows up on comboxfix warning after i even deleted all instances of it on the registry. The stinger scan came up clean. The firewall message when attempting to update the definitions files for avast, malwarebytes or superantispyware is: "There was an error trying to retrieve the definitions. Make sure your firewall is not blocking Superantispyware.exe from accessing the internet. Just in case you might ask, the error reads the same for the other 2 except instead of "Superantispyware" it reads "Malwarebytes" and "Avast" as well. So question is why would this work in safemode and not in normal mode? I have also run spybot and adaware se and both came up clean in safemode.
"There was an error trying to retrieve the definitions. Make sure your firewall is not blocking Superantispyware.exe from accessing the internet"
You should be able to remove this error by running FixIEDef.exe
*These instructions are available thanks to rpggamergirl *
<quote>
Download FixIEDef by ShadowPuterDude to the Desktop.
http://downloads.malwarete
Disable real-time protection that can interfer with FixIEDef:
*Disable Windows Defender until the computer is clean
Open Windows Defender
Select Tools and then General Settings
Under Real Time Protection Options uncheck Turn on real-time protection
Select Save
Don't forget to re-enable it, when your computer is clean.
*Disable SUPERAntiSpyware until the computer is clean
Right-click on the shortcut from the system tray
Choose View Control Center (preferences/options)
On the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts.
Click Close to exit.
Don't forget to re-enable it, when your computer is clean.
*Disable Teatimer
First:
Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
Choose Exit Spybot S&D Resident
Second:
Open Spybot S&D
Click Mode, check Advanced Mode
Go To Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
Uncheck the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.
Double-click FixIEDef
Click 'OK'
Click 'Scan'
Click 'OK' FixIEDef requires Adminstrator Privileges to run correctly. This box tells you that FixIEDef successfully elevated it's privileges to that of Administrator.
Wait for the scan to finish. It won't take very long.
WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
Everything will be restored to normal, once the malicious file is removed.
Click 'Exit' once FixIEDef displays the All Finished message.
<unquote>
Hi,
i atually figured it out about 15min ago and it is related to admin. All the time in safemode i am logged in as admin and updates worked. Then in normal mode i am logged in as the person who i am fixing this for who has admin rights but it fails. I then logged into safemode but as that same person in normal mode and it failed in safemode so i then switched users to admin and it worked. I reinstalled 2 of the apps as that user in normal mode and the updates worked. The FixIED would have worked but it is more work but based on same principle of admin rights as the cuplprit nothing to do with any firewalls which is why i mentioned in one of my prior posts that i i don't think it is firewall but a false message and something else. Now i will just try and fix Internet explorer from your instructions and should be fully operational. It was rewarding to finally find out what was causing the firewall error. Thanks again for all the help and sorry i didn't tell you earlier and would have saved you all the verbage on the FixIED instructions.
No problem .. anyway we all now have an excellent piece of FixIEDef
instruction, thanks to rpggamergirl.
As there's no Combo logfile, i'm not absolutely sure you ran it or not. If you did, it would be wise to remove it when you're *absolutely sure* you've finished with it.
Uninstall ComboFix as follows >
Start > Run > then type "ComboFix /u" (with no quotes, and space between x and / )
Then hit enter. This will uninstall ComboFix, reset your clock settings, re-hide system hidden files, re-hide the file extensions and reset System Restore.
For extra help on the IE repair this is a good site>
http://windowsxp.mvps.org/
If unsuccessful it could conceivably be router or externel DNS problem.
Try the google.com IP >> http://64.233.187.99
If you can access this IP ok, then it's likely to be a DNS issue.
Therefore try running ipconfig /flushdns to remove your cached DNS values.
For IE
use internet options as particular user and reset to defaults everywhere.
if no luck still: use same autoruns, and use it to remove/disable IE extensions, then uninstall and reinstall legit ones - flash and java and silverlight at least.
If it does not work after all those attempts - you can remove user profile (save a copy in .zip before to get some documents)
What is your IE version btw?
Hi,
solved the ie problem finally. It had to do with the user profile which was corriupted so i simply created a new one after deleting the other one and in fact there were 2 other user profiles on the machine that i never even tested and they both worked fine for internet explorer as did the new user and so that was the real cause of the updating issue because none of the apps updaters could get out to the internet using that corrupted user profille which is why admin always worked but i could never test admin in normal mode coz in xp it only allows admin in safemode or if there are no other users except guest account. I've since then run several scans again with spybot and malwarebytes and avast and all reported clean. I made sure to also run a manual restore point which went fine. Thanks again guys for all the informative and intelligent advice. Is there a way i can award additonal points since i had already divided it previously since i have never done it before? Would really like to give more if possible.
Glad to hear you've finally resolved all problems!
You asked about closing the question>
http://www.experts-exchang
If you click "Asking Questions"then click "How do i close a question".
Several sub-headings here including "Accept multiple solutions", the choice is yours ...
If you have difficulties and accept the wrong solution, just click the Request Attention button, and ask the Moderators to change the grade for you.
how to close a Q : http://www.experts-exchang
If you wish to split the points, here's another way of describing how to do it, and close a thread. Each comment box has a button that says Accept Multiple Solutions.
Click it, and you will see a page that allows you to assign points to *any* of the comments in the thread. There is also a "grade" box at the bottom of the page.
Also note that the total number of points of the "split points" must equal the amount you asked in the question, which in your case was 500. Also, no comment can receive fewer than 20 points.
The 1st comment selected, of those that were posted first, is given the title "Accepted Solution", and any other(s) selected, automatically get the "Assisted Solutions" award.
Sounds a bit complicated perhaps, but it appears to work well.
Hope that helps & thanks for your time.
Business Accounts
Answer for Membership
by: SaedSalmanPosted on 2009-03-08 at 17:24:23ID: 23832171
Hello, I just want to share this:
Think about recently add device, unplug it and uninstall its driver. Then, if your pc works properly, plug the device and re-install the the latest version of device driver.
at the end, I have a curiosity to know the solution :) and now I am monitoring it.
Best Regards,