|
| After Hard Drive Wipe and Reload | |
| | |
Author | Message |
---|
wcturner Royal Geek
Number of posts : 1165 Location : Ky. Humor : Yes Registration date : 2009-10-26
| Subject: Re: After Hard Drive Wipe and Reload 10/28/2011, 16:00 | |
| Here's the Zipped folder: | |
| | | Repa Site Administrator
Number of posts : 2378 Location : North Carolina Humor : Age: Older than Dirt! Registration date : 2008-09-19
| Subject: Re: After Hard Drive Wipe and Reload 10/28/2011, 16:14 | |
| Delete it! Right-click on the folder on your desktop and select Delete from the popup that appears. Do not open this folder!
Next, do the new instructions I gave you in my last post and then run your anti-malware programs to make sure you haven't picked up something. Avast is working now, isn't it? If you hover over the icon it should tell you that your system is secured.
When you finish running spybot, malwarebytes and superantispyware, also schedule a boot-time scan of Avast. To do a boot-time scan:
1. Open Avast and on the left side, select Scan Computer, and under that select Boot-time Scan.
2. Click the "Schedule Now" button in the right pane, then click the "Restart Computer" button that appears.
It will run when your system reboots, and it will take a while for windows and your desktop to appear, so be patient. You can go do something else and come back later to it. | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/28/2011, 18:49 | |
| Okay, that zipper folder is Deleted!!
Here's the order I plan to go with.
After this post, I'll run my printer CD setup, so I can print your instructions. Then I'll do the new instructions you gave in your last post and then run anti-malware programs.
Do I do Defrag next?
Let me know if this sounds Okay? | |
| | | Repa Site Administrator
| Subject: Re: After Hard Drive Wipe and Reload 10/28/2011, 21:13 | |
| - wcturner wrote:
- Okay, that zipper folder is Deleted!!
Here's the order I plan to go with.
After this post, I'll run my printer CD setup, so I can print your instructions. Then I'll do the new instructions you gave in your last post and then run anti-malware programs.
Do I do Defrag next?
Yes
Let me know if this sounds Okay? Sounds like a plan - go for it! | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/28/2011, 21:37 | |
| Repa said: Do you have an icon for SGTray.exe in your system tray?
I said: No. And, I'll try the registry edits you suggested when time permits. Thanks.
Repa said: Avast is working now, isn't it? If you hover over the icon it should tell you that your system is secured. Yes, Avast has been working, I forgot to reply to that. Question about hovering over Icons in System Tray. Sometimes when hovering the text is not always all the way up where it is visible. The text balloon will not completely rise up from below the Task Bar. Do you know what I mean, and if you do, what can be done to correct that problem?
Okay, just got your instructions printed. It's going to take some time to get all that done. Wish me LUCK!! | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/28/2011, 22:37 | |
| Repa said: Avast is working now, isn't it? If you hover over the icon it should tell you that your system is secured. Yes, Avast has been working, I forgot to reply to that. Question about hovering over Icons in System Tray. Sometimes when hovering the text is not always all the way up where it is visible. The text balloon will not completely rise up from below the Task Bar. Do you know what I mean, and if you do, what can be done to correct that problem?
Okay, just got your instructions printed. It's going to take some time to get all that done. Wish me LUCK!!
Repa, I went to Edit to try to delete this post, but, didn't see how. I thought I'd seen that you can delete posts? Guess you'll have to delete this.
Last edited by wcturner on 10/30/2011, 00:10; edited 1 time in total (Reason for editing : need to delete this post.) | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/29/2011, 00:00 | |
| Well, it's late and I was gonna try to get the wild tangent folder deleted, but, before I could get started, several windows opened on the desktop. I'll try to post them. I didn't send the report. Was that the correct selection? Got another one. I know I had 3 scr. shots, but, I didn't see the third one. | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/29/2011, 00:09 | |
| Do you know what this is, and is it cause for concern? Am I cursed by the computer gods, or wonder why I have all these pop up windows? | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/30/2011, 23:45 | |
| Repa,
I have some more screen shots to post, but, I think maybe it's a good idea not to get too far ahead, so I'll wait for your reply before posting those shots.
I still need to do the avast boot time scan, and defrag, and I'm unsure if I should do them before you address my last several posts. So, I'll wait, unless you tell me different. | |
| | | Repa Site Administrator
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 00:51 | |
| WC, I just haven't had time to answer - weekends are full for me as I teach a financial course Sunday evenings as well as everything else that goes on. I looked briefly at your posts and think you may need to download the latest driver for your printer in order to fix the Generic Host Process for Win32 Services. When you get those popups, you don't need to send the report.
Go to HP's website, look for a Support or Download button on the menu bar, and search for downloads by your printer model # and name. There should be some text boxes for you to input that info for it to search on and find downloads for your printer if there are any. Download and install the latest driver if you find one - follow the directions given by the wizard and read any instructions given on the download webpage.
That screen print on Malwarebytes - isn't that the icon in the system tray for Malwarebytes? If so, you need to turn the trial realtime service off and just use it as a scanner. Windows Defender is doing that realtime job for you. See if you get that popup after doing that. If you do, we'll need to uninstall it, run a utility and then install the latest version. Let me know what happens. In the meantime....
I am a little concerned that you have picked up something with those popups suddenly starting to appear. I hope it is just due to the installation of your printer software in conjunction with SP3. Make note of the restore point before that install in case you need to go back to before you installed the printer.
Just to rule out malware, run the boot-time Avast scan, then update and run Malwarebytes (if it won't run, try running in safe mode, and if it won't run there, uninstall and reinstall it, update it and try running it again), and then update and run SuperAntiSpyware.
Also, do a search on SGTray.exe and let me know what folder you find it in on your hard drive.
| |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 16:13 | |
| I want to get these other screen shots posted, & then I'll try the BootTime scan. On my Limited account desktop the text under the icons turned blue again yesterday. This is enough to drive anybody bonkers. I don't understand why all this stuff keeps happening, especially after the wipe & reload? I need you to tell me about these findings. The wild tangent entry, I clicked the "Fix It" option, & it's in the "Recovery". The other 2, I wasn't sure what to do, so I did nothing, & was gonna wait for you to see them. Now, I'm not sure where those entries are. I assume I will have to scan again to see if Spybot finds them again? I ran the scans in Safe Mode, and I had trouble finding them. I always have trouble with safe mode & screen shots. Anyway, hope you know what to do here? | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 16:22 | |
| This is the first shot of the Ccleaner results, after following your instructions. The 2nd. shot coming up. | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 16:29 | |
| This is the "Fixed" shot from your Ccleaner instructions. I hope this is correct? And, I'm thinking it's Okay to delete the screen shots from out of "My Pictures", after posting them here. Is that correct? | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 16:39 | |
| This I found today, while looking for the screenshots I made over the weekend, scanning in safe mode. I hope you will know what this is. I clicked on it, or hovered, I forgot, anyway, it said are you sure you want to add this to your Registry. I said "No". I was just trying to find out what it was. & why it was there.? | |
| | | Repa Site Administrator
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 17:19 | |
| - wcturner wrote:
- This I found today, while looking for the screenshots I made over the weekend, scanning in safe mode. I hope you will know what this is. I clicked on it, or hovered, I forgot, anyway, it said are you sure you want to add this to your Registry. I said "No". I was just trying to find out what it was. & why it was there.?
When you were in ccleaner and used the registry option, you responded yes to save the registry file before making changes, and the file you clicked on is that saved file. When you click on a .reg file, the system assumes you want to restore the registry to whatever values are in that file, and will ask you first to be sure that is what you want to do. If you reply yes, all the values you had in the registry before you did the registry operation will be restored from that file.
On the Spybot Stuff - fixing wildtangent was ok. On the other stuff, do the following:
1. Select Start > Settings > Control Panel
2. In the Control Panel, select Windows Firewall
3. On the General Tab in Windows Firewall:
a. Make sure On is selected, and not Off
b. Select “Don’t allow exceptions” if it isn’t selected, or go to the Exceptions tab and deselect everything that is checked.
4. Click Ok
While still in the Control Panel, Click on the Windows Security Center icon and check to make sure that both Windows Firewall and Virus Protection are ON. Automatic Updates can be On or Off, depending on your preference. | |
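What a .reg backup like the one discussed in the post above would do on merge can be listed without importing it. This is an added example, not part of the thread or of CCleaner: a small Python parser for the .reg text format, where the sample contents and the key and value names are constructed for illustration.

```python
import re

# Constructed sample in the style of a registry backup export (not from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ExampleVendor\App]
@="default text"
"InstallPath"="C:\\Program Files\\Example"
"Flags"=dword:0000001f
"Blob"=hex:01,02,\
  03,04
"OldValue"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Stale]
'''

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _unescape(s):
    # .reg strings escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def _logical_lines(text):
    # Long hex values are wrapped with a trailing backslash; rejoin them.
    out, buf = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
        else:
            out.append(buf + line)
            buf = ""
    return out + ([buf] if buf else [])


def _decode(data):
    if data == "-":
        return None  # "name"=- removes the value on merge
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return ("REG_SZ", _unescape(data[1:-1]))
    kind, _, payload = data.partition(":")
    if kind == "dword":
        return ("REG_DWORD", int(payload, 16))
    if kind == "hex" or re.fullmatch(r"hex\([0-9a-fA-F]+\)", kind):
        label = "REG_BINARY" if kind == "hex" else kind
        return (label, bytes.fromhex(payload.replace(",", "")))
    raise ValueError("unrecognised value data: " + data)


def parse_reg(text):
    """Return (op, key, name, data) tuples describing what a merge would do."""
    lines = _logical_lines(text)
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing .reg header line")
    actions, key = [], None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):  # [-KEY] deletes the whole key
                actions.append(("DELETE_KEY", key[1:], None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError("unexpected line: " + line)
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = _decode(m.group(2))
        op = "SET" if data is not None else "DELETE_VALUE"
        actions.append((op, key, name, data))
    return actions


if __name__ == "__main__":
    for action in parse_reg(SAMPLE_REG):
        print(action)
```

Files saved with the "Version 5.00" header are UTF-16 encoded, so read them with `encoding="utf-16"` before passing the text to `parse_reg`.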
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 21:20 | |
| 1) Repa said: and will ask you first to be sure that is what you want to do. If you reply yes, all the values you had in the registry before you did the registry operation will be restored from that file. So, I click yes to add that info to my registry, CORRect? And, does the Registry Editor always save it in a folder, like it did in mine. It seems to me that a window would open up while you are doing the Registry stuff, and ask you then if you want to "Add the information" to the registry". What if I had not found this Registration Entries?
2) About the Spybot Windows Firewall stuff, Would I have been wrong, or what would have happened if I had clicked the "Fix It" option, for that as well? Would that have caused a problem?
3) I ran the Avast Boot-Time scan this afternoon after my last post. And, as you & I both suspected, I was infected. I'll try to get a screen shot posted of the results.
4) Is it Okay to delete the screen shots from out of "My Pictures" after I post them here, so I'll have more space. There's no need to keep them is it? | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 21:44 | |
| Here's the boot time scan results. Please explain to me, such as was this the cause of strange computer behavior? Placing in the Virus was the proper thing to do, and not Delete, Correct? Also, I was going to do the Defrag in Safe Mode, but, after clicking "Restart", and it began, then the screen turned black, and instead of letting me go into safe mode, screen stayed black and the fans just keep running like they do upon StartUp. So, I didn't know if it would cause any damage or not, so, I just held the On button in til the computer turned off. I turned it back on, after a couple of minutes, and did the Defrag in Normal mode. Does it matter which you do defrag, in Normal, or safe Mode?
| |
| | | Repa Site Administrator
| Subject: Re: After Hard Drive Wipe and Reload 10/31/2011, 22:25 | |
| - wcturner wrote:
- 1) Repa said: and will ask you first to be sure that is what you want to do. If you reply yes, all the values you had in the registry before you did the registry operation will be restored from that file. So, I click yes to add that info to my registry, CORRect? And, does the Registry Editor always save it in a folder, like it did in mine. It seems to me that a window would open up while you are doing the Registry stuff, and ask you then if you want to "Add the information" to the registry". What if I had not found this Registration Entries?
NO! You saved those registry values in case something went wrong with the registry operation in ccleaner. It's just like System Restore - a time to go back to if what you did screwed something up. That's the only time you would ever use it.
2) About the Spybot Windows Firewall stuff, Would I have been wrong, or what would have happened if I had clicked the "Fix It" option, for that as well? Would that have caused a problem?
No. Did you check what I posted to make sure things were set right?
3) I ran the Avast Boot-Time scan this afternoon after my last post. And, as you & I both suspected, I was infected. I'll try to get a screen shot posted of the results.
4) Is it Okay to delete the screen shots from out of "My Pictures" after I post them here, so I'll have more space. There's no need to keep them is it?
No need to keep them. - wcturner wrote:
- Here's the boot time scan results. Please explain to me, such as was this the cause of strange computer behavior?
No, that wasn't the cause. Don't know yet what that A0012449.exe is in the System Volume Information_restore, but the other 2 are PUPs that are not dangerous. If you don't see anything weird by having removed them, leave them in the virus chest for the time being.
About A0012449.exe, look to see if you have this folder on your PC: C:\Program Files\Yahoo!\Messenger\
If not, I suspect A0012449.exe is a trojan.
Placing in the Virus was the proper thing to do, and not Delete, Correct?
Yes
Also, I was going to do the Defrag in Safe Mode, but, after clicking "Restart", and it began, then the screen turned black, and instead of letting me go into safe mode, screen stayed black and the fans just keep running like they do upon StartUp. So, I didn't know if it would cause any damage or not, so, I just held the On button in til the computer turned off. I turned it back on, after a couple of minutes, and did the Defrag in Normal mode. Does it matter which you do defrag, in Normal, or safe Mode?
Normal mode is fine.
You need to run all your anti-spyware programs and see what you find. If you find nothing, run Avast again in a Boot-time scan and see if it finds another A00xxxxx.exe program. Quarantine anything found in these runs. | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 11/1/2011, 11:00 | |
| On the Spybot Stuff - fixing wildtangent was ok. On the other stuff, do the following: 1. Select Start > Settings > Control Panel 2. In the Control Panel, select Windows Firewall 3. On the General Tab in Windows Firewall: a. Make sure On is selected, and not Off b. Select “Don’t allow exceptions” if it isn’t selected, or go to the Exceptions tab and deselect everything that is checked. 4. Click Ok While still in the Control Panel, Click on the Windows Security Center icon and check to make sure that both Windows Firewall and Virus Protection are ON. Automatic Updates can be On or Off, depending on your preference. I'll get back to you on this.
Repa said: you need to run all your anti-spyware programs and see what you find. If you find nothing, run Avast again in a Boot-time scan and see if it finds another A00xxxxx.exe program. Quarantine anything found in these runs. You didn't say, so do I run the anti-spyware programs in Normal Mode, or Safe Mode? And, I probably should run them in the Full Scan mode, what do you say?
| |
| | | Repa Site Administrator
| Subject: Re: After Hard Drive Wipe and Reload 11/1/2011, 12:15 | |
| You need to make sure your firewall settings are what I posted above.
Run ccleaner Cleaner option before running your malware scans and then don't go back on the internet until the scans are completed. Also, Disable and then enable Restore before running the scans. To do that:
1. Right-click My Computer > Properties > System Restore tab.
2. Check the box beside "Turn off system restore on all drives" and click ok.
3. Wait 30 seconds and then Right-click My Computer > Properties > System Restore tab.
4. Un-check the box beside "Turn off system restore on all drives" and click ok.
That's it. You should now have only one restore point that was set when you enabled system restore in steps 3-4. If the A00 programs show in the System Volume Information again, it is because there is a live malware on your computer somewhere that is regenerating itself and was there when the new restore point was generated upon enabling, and hopefully the scans will find and kill it.
If you can run the scans in safe mode, full scan, it'll take longer, but malware won't be active and thus easier to find if there. When you run another boot-time scan of Avast, before scheduling the scan, click the "settings" link and uncheck "Scan for potentially unwanted programs (PUPs)."
I'm sorry you're having all these problems, WC. | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 11/1/2011, 12:38 | |
| | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 11/1/2011, 23:05 | |
| I did not get to begin your instructions from your last post yet, didn't have time. I did get to some things that you previously asked about, and I'm including 3 screen shots. Screen shots: one is SGTray you requested. One is Win. Firewall. And also one that could be similar to the generic host problem, unsure. Okay, your board said the SGTray screen shot was not allowed, & when I just looked in My Pictures and double clicked it it was just black, so it can not be seen. But, I wrote it down, the locations. There was 2 references. 1) C:\WINDOWS\Prefetch; 2) Common Files\Sonic\Update Manager. Well, since the screen shot of SGTray would not post, I was gonna delete from "My Pictures". I did a screen shot of the window that opened. Then maybe you can tell me if it is Okay to delete from "My Pictures"?
| |
| | | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 11/1/2011, 23:36 | |
| This last shot is a window that opened up, I think I had closed my browser from email. Your file type is not allowed is what I got when trying to post this last screen shot. When I go to My Pictures and click to open it up to full size, it pops up like the other photos there, but it comes up Black, and does not remain up. I failed to write the text all down, cause I thought the screen shot would work. The best recollection I have is that Windows wanted me to send an Error Report, because OPXPApp.exe (I think .exe was on the end of its name), and I think it said it had to Close. And, I assume that it is Okay to delete this last screen shot out of "My Pictures", because when I clicked to delete it, the window that opened said "Are you sure you want to send to recycle bin" It should be Ok to delete this won't it? And, do you know what it means? | |
| | | wcturner Royal Geek
| Subject: Re: After Hard Drive Wipe and Reload 11/1/2011, 23:43 | |
| I still haven't got to the HP website to search for the Drivers about my Kodak printer yet. Just had a thought, do you think that by removing all the check marked boxes, especially the Kodak check marks in Win. Firewall, & maybe that was causing the problem, and that I might not need the driver search now? | |