Random Pop-ups when IE Browser Closed + Multiple Iexplore.exe in Taskbar
- Thread starter chibikaz
- Start date
- Status
Bobbye
Posts: 16,313 +36
The logs look clean to me- with one exception. SAS is still showing Bearshare. I suggest you search for all Bearshare related entries and delete them:
Are you having any of the original problems now? Random Pop-ups when IE Browser Closed + Multiple Iexplore.exe in Taskbar? If not, I think we can remove the cleaning programs and old restore points.
* Download OTCleanIt (http://download.bleepingcomputer.com.../OTCleanIt.exe)
It's been a pleasure working with you. Please let us know if you need further help.
(Sorry for the uppercase letters. I did a copy and paste from SAS)
Are you having any of the original problems now? Random Pop-ups when IE Browser Closed + Multiple Iexplore.exe in Taskbar? If not, I think we can remove the cleaning programs and old restore points.
* Download OTCleanIt (http://download.bleepingcomputer.com.../OTCleanIt.exe)
Clear your existing System Restore points and establish a new clean restore point:
It's been a pleasure working with you. Please let us know if you need further help.
The original problem appears to be gone. I had avoided using Internet Explorer during our removal process since the Adaware.Lop seemed to kick on the ads once iexplore had been opened once. I haven't received any random pop-ups after opening Internet Explorer, and upon checking the Task Manager, only one iexplore is running!
A few quick questions:
1) I disabled start up functions for all non-Symantec programs as requested a while back. Are there any I should renable after I set up the clean restore point? I could provide a screencap of the program listing if you'd like.
2) When you say it removals all tools, I'm a little confused what all that entails. Could you please clarify what type of tools/programs? Do you mean it removes Anti-Malware Bytes, Super Spyware, etc downloaded just for this session? Do you mean it deletes any sort of tool program dealing with spyware (e.g. Windows Defender, Spybot), or do you mean it deletes any extraneous program with a tool-like designation (e.g. keyboard control programs)?
3) I just tried to go to the site http://download.bleepingcomputer.com, but received 404 messages and a "problem loading page" message. Despite clicking on the link, the full address never popped up, which might be the problem the loading page message. It came up in the address bar as:
"http://download.bleepingcomputer.com.../OTCleanIt.exe" I tried deleting the ellipsis and received a 404 error.
It has been an absolute pleasure working with you as well, and thank you so much for taking the time and effort to help me restore my computer and identify potential future hazards. I can't tell you how much I appreciate it!
A few quick questions:
1) I disabled start up functions for all non-Symantec programs as requested a while back. Are there any I should renable after I set up the clean restore point? I could provide a screencap of the program listing if you'd like.
2) When you say it removals all tools, I'm a little confused what all that entails. Could you please clarify what type of tools/programs? Do you mean it removes Anti-Malware Bytes, Super Spyware, etc downloaded just for this session? Do you mean it deletes any sort of tool program dealing with spyware (e.g. Windows Defender, Spybot), or do you mean it deletes any extraneous program with a tool-like designation (e.g. keyboard control programs)?
3) I just tried to go to the site http://download.bleepingcomputer.com, but received 404 messages and a "problem loading page" message. Despite clicking on the link, the full address never popped up, which might be the problem the loading page message. It came up in the address bar as:
"http://download.bleepingcomputer.com.../OTCleanIt.exe" I tried deleting the ellipsis and received a 404 error.
It has been an absolute pleasure working with you as well, and thank you so much for taking the time and effort to help me restore my computer and identify potential future hazards. I can't tell you how much I appreciate it!
OTCleanIt.exe
http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
@Bobbye please update your link to OTCleanIt
http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
@Bobbye please update your link to OTCleanIt
Thank you very much! I was going to ask if I should just manually uninstall some of the programs. What exactly does this clean?
I do have a different set of problems, however. When attempting to turn System Restore back on--I turned it off during removal as advised by the steps to remove malware--I keep getting an error message saying:
"System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again."
I did, to no avail. It also failed to run Scan Disk, saying it didn't have access to some files needed that would only be available on start up, but I'm sure it would be the same issue as with the System Restore--that upon reboot it still would fail to do so. Something that should be running is definitely not.
Could this be the result of having some of the start programs Bobbye had me disable during removal still disabled? Or some of the services the computer tech guy disabled? I can take screen shots of both screens if that would help in diagnosing the issue.
Please let me know. Thanks.
I do have a different set of problems, however. When attempting to turn System Restore back on--I turned it off during removal as advised by the steps to remove malware--I keep getting an error message saying:
"System Restore encountered an error trying to enable/disable one or more drives. Please restart your machine and try again."
I did, to no avail. It also failed to run Scan Disk, saying it didn't have access to some files needed that would only be available on start up, but I'm sure it would be the same issue as with the System Restore--that upon reboot it still would fail to do so. Something that should be running is definitely not.
Could this be the result of having some of the start programs Bobbye had me disable during removal still disabled? Or some of the services the computer tech guy disabled? I can take screen shots of both screens if that would help in diagnosing the issue.
Please let me know. Thanks.
Bobbye
Posts: 16,313 +36
If 'C' is the Local Drive, that's what System Restore needs to be monitoring. If there is a check in 'Turn off System Restore', UNCHECK it.
Post #27 gave directions for dropping the old restore points and setting a new one. Did you do that? Could you have checked the 'turn off' then?
Post #27 gave directions for dropping the old restore points and setting a new one. Did you do that? Could you have checked the 'turn off' then?
Unfortunately, I had already tried do to that several times before posting here.
In that earlier post, I was saying that I received that error message when attempting to turn on System Restore after it was disabled via the checkmark method. I turned it off when following Symantec's removal instructions of BackdoorTidserv!inf, the first step of which is disabling System Restore. The problem didn't stop there though and I realized through your posts at TechSpot here that Adaware Lop was also an issue.
I just tried to manually start the service via the Services (Local) panel, but it told me it started and then stopped. Also, other discussions of System Restore problems discuss a list of available drives, but all my System Restore page says is C Monitoring Turned Off and Turn on/Off System restore text box with a min or max space allotment.
In that earlier post, I was saying that I received that error message when attempting to turn on System Restore after it was disabled via the checkmark method. I turned it off when following Symantec's removal instructions of BackdoorTidserv!inf, the first step of which is disabling System Restore. The problem didn't stop there though and I realized through your posts at TechSpot here that Adaware Lop was also an issue.
I just tried to manually start the service via the Services (Local) panel, but it told me it started and then stopped. Also, other discussions of System Restore problems discuss a list of available drives, but all my System Restore page says is C Monitoring Turned Off and Turn on/Off System restore text box with a min or max space allotment.
Here are screen shots of the two error messages I've received for Windows functions:
Check Disk Error in being able to scan files
Unable to turn on System Restore
I think there is a fair possibility some service was disabled along the line that messed this up because the tech personnel did say he disabled a lot of services.
Please advise what I should do to restore functionality. I'm very uncomfortable not having System Restore enabled or being able to check for errors with check disk.
Check Disk Error in being able to scan files
Unable to turn on System Restore
I think there is a fair possibility some service was disabled along the line that messed this up because the tech personnel did say he disabled a lot of services.
Please advise what I should do to restore functionality. I'm very uncomfortable not having System Restore enabled or being able to check for errors with check disk.
Attachments
Bobbye
Posts: 16,313 +36
Argggggggggggg!
The Services are a finely tuned group of functions that must be set correctly because of the Dependencies. A tech should know this, but many don't. They whack them off and don't check the Dependencies- other Services that need this Service o run, OR they don't take into consideration what other Services THIS Service need to run.
Some MUST be set to Automatic, because they need to start on boot. Many can beset to Manual, in order to start up only when needed. And some CAN be Disabled, but it must be carefully done, with the Dependencies considered for each one.
Start> Run> services.msc> right lick on 'System Restore Service> Properties> Set startup to Automatic> Start the Service. There is only one Dependency, RPC, which should already be set to Automatic- not much works without it.
You'll be please to know that what you are seeing for Chkdsk is not an error. When you check both boxes on the Error Checking screen, it requires you to reboot to start. Rather than schedule it 'for the next boot' I do it then. All you have to do is reboot and the Error Check should start in 9 seconds. Let it complete.
Let me know status after handling these two functions.
*head desks* Ugh, that could very well have been what happened then!
I went into the Services panel and System Restore was set to Automatic, but when I attempted to start it, I got a message saying it started and then stopped, and when I went to check on the System Restore tab, it is still listed as turned off, with a status of C monitoring off.
I looked for RCP (Remote Call Procedure, correct?) and saw that the RCP was set to Automatic and Started, and the RCP Locator was set to manual and started.
Should I change that to automatic?
That's great news about the Check Disk, and thank you for the heads up on that!
I went into the Services panel and System Restore was set to Automatic, but when I attempted to start it, I got a message saying it started and then stopped, and when I went to check on the System Restore tab, it is still listed as turned off, with a status of C monitoring off.
I looked for RCP (Remote Call Procedure, correct?) and saw that the RCP was set to Automatic and Started, and the RCP Locator was set to manual and started.
Should I change that to automatic?
That's great news about the Check Disk, and thank you for the heads up on that!
I read through the trouble shooting with System Restore. It keeps mentioning being able to view the available drives list, and I wanted to note that I do not have this option. On my System Restore tab, I cannot view the list of drives and ensure that the drive I want to be monitored is selected.
I have 80 Gig free on this computer so the drive space is not an issue.
The first method said it started System Restore successfully, but it's still listed as turned off when I go into the tab and it is still not showing up as started in the Services tab.
I read through the event logs, but didn't see any sr for sr services listed, just System Control Manager information.
Also, I went through the error logs and was alarmed to see so many errors listed throughout December, some of which have multiple listings on different days:
A) Error code 000000ea, parameter1 896b2020, parameter2 8972b710, parameter3 89561bd8, parameter4 00000001.
B) TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
C) The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
D) The Intel® Quick Resume Technology Drivers service hung on starting.
E) Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.
F) Printer Microsoft Office Document Image Writer is pending deletion.
**Does this just mean the printer was deleting a document? Because it makes it sound like the whole printer connection was being deleted.
G) The driver ialmrnt5 for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
H) DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
I'm particularly concerned about A, B, D, G, and H. It looks like these errors occurred in December after the Tech came by, and we had started the cleaning process. My computer has installed some Automatic updates since that time as well.
What do you suggest I do? Would any of this be remedied by going to see if there are more Automatic updates to install? I'd prefer to wait on that until I have System Restore running, so I'm heading onto the next method of restoring that.
I have 80 Gig free on this computer so the drive space is not an issue.
The first method said it started System Restore successfully, but it's still listed as turned off when I go into the tab and it is still not showing up as started in the Services tab.
I read through the event logs, but didn't see any sr for sr services listed, just System Control Manager information.
Also, I went through the error logs and was alarmed to see so many errors listed throughout December, some of which have multiple listings on different days:
A) Error code 000000ea, parameter1 896b2020, parameter2 8972b710, parameter3 89561bd8, parameter4 00000001.
B) TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
C) The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
D) The Intel® Quick Resume Technology Drivers service hung on starting.
E) Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.
F) Printer Microsoft Office Document Image Writer is pending deletion.
**Does this just mean the printer was deleting a document? Because it makes it sound like the whole printer connection was being deleted.
G) The driver ialmrnt5 for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
H) DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
I'm particularly concerned about A, B, D, G, and H. It looks like these errors occurred in December after the Tech came by, and we had started the cleaning process. My computer has installed some Automatic updates since that time as well.
What do you suggest I do? Would any of this be remedied by going to see if there are more Automatic updates to install? I'd prefer to wait on that until I have System Restore running, so I'm heading onto the next method of restoring that.
I didn't add this question into the other post because the first post is monstrous as is:
When getting advice on how to do a registry back up here and here, the back up relies on System Restore being able to be used, which is a problem. I tried exporting, but it suggests doing that only for specific branches. The second site references being able to back up the entire registry and links to the first article, but that too seems to rely on System Restore.
Any suggestions? Do I need to download another utility like ERUNT?
When getting advice on how to do a registry back up here and here, the back up relies on System Restore being able to be used, which is a problem. I tried exporting, but it suggests doing that only for specific branches. The second site references being able to back up the entire registry and links to the first article, but that too seems to rely on System Restore.
Any suggestions? Do I need to download another utility like ERUNT?
Bobbye
Posts: 16,313 +36
This thread is now 3 weeks old and over 40 posts later. We completed the original malware cleaning and you are wanting to handle Service changes and random Events- some of which may not actually be Errors. Listing Errors randomly without respect to what you were doing at the time or what was happening at the time is not recommended.
When using the Event Viewer to look for Error that correspond to a particular problem, this should be done:
Start> Run> type in eventvwr
A. Windows Event ID 1003 from System Error code 000000ea
See: http://support.microsoft.com/?kbid=293078&sd=RMVP
B. TCP/IP has reached the security limit
You tried to connect and failed three times.
C. The system clock is unsynchronized.
D. Full Error:
Need full Error copy for these: They sound like Information Events, not Errors.
G. The driver ialmrnt5 for the display device \Device\Video0 got stuck in an infinite loop.
When using the Event Viewer to look for Error that correspond to a particular problem, this should be done:
Start> Run> type in eventvwr
Some Services DO NOT start in Safe Mode, so if you were in Safe Mode at the time the Error was logged, you tried to do something that required the Service but it wasn't available. Ignore 'H'.
A. Windows Event ID 1003 from System Error code 000000ea
See: http://support.microsoft.com/?kbid=293078&sd=RMVP
B. TCP/IP has reached the security limit
You tried to connect and failed three times.
C. The system clock is unsynchronized.
D. Full Error:
Need full Error copy for these: They sound like Information Events, not Errors.
G. The driver ialmrnt5 for the display device \Device\Video0 got stuck in an infinite loop.
After you resolve these, if you require further help, please start a new thread in the Windows or Software Forum. Tell us what the problem is, what you are doing at the time and paste a copy of the corresponding Event Error.
Need Help Please
Bobeye,
I have the same problem with Chibikaz is having except I it when I have random adverstings that pops up in audio files and random music files play that I don't own. When I open task manager see approx. 30 ixplorer windows running the background and I can't stop them. I have Norton 360 and it doesn't seem to see anything on my computer. Should I follow the same steps listed above. I don't know where to find log's etc to show you data from my computer. Please help.
Bobeye,
I have the same problem with Chibikaz is having except I it when I have random adverstings that pops up in audio files and random music files play that I don't own. When I open task manager see approx. 30 ixplorer windows running the background and I can't stop them. I have Norton 360 and it doesn't seem to see anything on my computer. Should I follow the same steps listed above. I don't know where to find log's etc to show you data from my computer. Please help.
Bobbye
Posts: 16,313 +36
This thread is for the use of chibikaz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Virus and Malware Removal Forum.
papaken4
If you suspect malware, start a new thread and please follow the Steps in the Viruses/Spyware/Malware Preliminary Removal Instructions: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Attach the logs to the new thread with comment on problems. We will then review the three logs.
papaken4
If you suspect malware, start a new thread and please follow the Steps in the Viruses/Spyware/Malware Preliminary Removal Instructions: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Attach the logs to the new thread with comment on problems. We will then review the three logs.
- Status
Similar threads
Latest posts
-
Worry your friends with this $9,420 flamethrower robot dog
- Tinderbox replied
