Over 1 million tech questions and answers.

2.exe infection - multiple machines affected

Q: 2.exe infection - multiple machines affected

Have multiple machines keep having recurrence of c:\windows\system32.exe detected and removed by eset nod32. I have run various anti malware programs with assistance of nod32 support without success.I ran Process Explorer and Process Monitor and I see that \windows\PSEXECSSVC.EXE runs just before the warning dialog comes up but then the process disappears15:25:23.3607270 PSEXESVC.EXE 2520 QueryNameInformationFile C:\WINDOWS\PSEXESVC.EXE SUCCESS Name: \WINDOWS\PSEXESVC.EXE15:25:23.3618608 PSEXESVC.EXE 2520 Load Image C:\WINDOWS\PSEXESVC.EXE SUCCESS Image Base: 0x400000, Image Size: 0x1800015:25:23.3642341 PSEXESVC.EXE 2520 Load Image C:\WINDOWS\system32\ntdll.dll SUCCESS Image Base: 0x7c900000, Image Size: 0xb000015:25:23.3643202 PSEXESVC.EXE 2520 QueryNameInformationFile C:\WINDOWS\PSEXESVC.EXE SUCCESS Name: \WINDOWS\PSEXESVC.EXE15:25:23.3647962 PSEXESVC.EXE 2520 CreateFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened15:25:23.3694481 PSEXESVC.EXE 2520 CreateFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Complete If Oplocked, Attributes: n/a, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened15:25:23.3696004 PSEXESVC.EXE 2520 QueryFileInternalInformationFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS IndexNumber: 0x6200000001056115:25:23.3697912 PSEXESVC.EXE 2520 QueryNameInformationFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS Name: \WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf15:25:23.3723330 PSEXESVC.EXE 2520 CloseFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS15:25:23.3737115 PSEXESVC.EXE 2520 QueryStandardInformationFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS AllocationSize: 16,384, EndOfFile: 16,176, NumberOfLinks: 1, DeletePending: False, Directory: False15:25:23.3759200 PSEXESVC.EXE 2520 ReadFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS Offset: 0, Length: 16,17615:25:23.3761408 PSEXESVC.EXE 2520 QueryNameInformationFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS Name: \WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf15:25:23.3762731 PSEXESVC.EXE 2520 CloseFile C:\WINDOWS\Prefetch\PSEXESVC.EXE-35EFACCF.pf SUCCESS here is my Hijackthis Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:30:56, on 13/07/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exeC:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exeC:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exeC:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exeC:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exeC:\Program Files\UltraVNC\winvnc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Windows Live\Messenger\MsnMsgr.ExeC:\Program Files\Messenger\msmsgs.exeC:\Documents and Settings\paulc\Local Settings\Application Data\Google\Update\GoogleUpdate.exeC:\Documents and Settings\paulc\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exeC:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exeC:\Program Files\DNA\btdna.exeC:\Program Files\Microsoft ActiveSync\wcescomm.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\UnHackMe\hackmon.exeC:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeC:\PROGRA~1\MI3AA1~1\rapimgr.exeC:\Program Files\TechSmith\SnagIt 9\SnagIt32.exeC:\Program Files\WinAutomation\WinAutomation.DIAgent.exe\Paulc\c$\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\UltraVNC\vncviewer.exeC:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exeC:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\TechSmith\SnagIt 9\TSCHelp.exeC:\Program Files\TechSmith\SnagIt 9\SnagPriv.exeC:\Program Files\Windows Live\Contacts\wlcomm.exeC:\Program Files\TechSmith\SnagIt 9\snagiteditor.exeC:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXEC:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exeC:\Program Files\UltraVNC\vncviewer.exeC:\Program Files\UltraVNC\vncviewer.exeC:\Program Files\TextPad 5\TextPad.exeC:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\TextPad 5\TextPad.exeC:\WINDOWS\PSEXESVC.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Putty\putty.exeC:\Program Files\WinSCP\WinSCP.exeC:\WINDOWS\system32\cmd.exeC:\WINDOWS\system32\mmc.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.comO2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllO2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllO2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dllO3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dllO3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dllO3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /AO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\winvnc.exe" -servicehelperO4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\paulc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exeO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - Startup: Adobe Gamma.lnk = Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: Office Startup.lnk = Program Files\Microsoft Office\Office\OSA.EXEO4 - Startup: Run UltraVNC Viewer (Listen Mode).lnk = C:\Program Files\UltraVNC\vncviewer.exeO4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exeO4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exeO4 - Global Startup: WinAutomation Agent.lnk = C:\Program Files\WinAutomation\WinAutomation.DIAgent.exeO8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dllO9 - Extra 'Tools' menuitem: iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dllO9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dllO9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlO9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlO9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exeO9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exeO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187780887123O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187968483281O16 - DPF: {BC24CA88-7256-45BF-A3E5-0C838E0687D4} (CpuPush Class) - http://vs.mcafeeasap.com/mc/enu/VS47/PushI...ll/pushinst.cabO16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = compsysuk.comO17 - HKLM\Software\..\Telephony: DomainName = compsysuk.comO17 - HKLM\System\CCS\Services\Tcpip\..\{D393B974-854F-4423-820D-F3562AC1F563}: NameServer = 223.255.255.200,223.255.255.123O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = compsysuk.comO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exeO23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exeO23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exeO23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exeO23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exeO23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exeO23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXEO23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exeO23 - Service: WinAutomation Service - Softomotive - C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exeO23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe--End of file - 15055 bytesAffecting most of the computers in the office. Have searched the web but unable to find a fix.Please helpPaul

RELEVANCY SCORE 200
Preferred Solution: 2.exe infection - multiple machines affected

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: 2.exe infection - multiple machines affected

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Read other 2 answers
RELEVANCY SCORE 64.8

Hello Experts,
we have 400+ machines are facing performance issue and suddenly
we will not be able to make RDP to the affected machines or can't access SMB shares and unable to manage the computers.
I used Performance Monitor to
troubleshoot, remove AV , disable DLP , update OS,, and a lot of try without any luck

I want to hear from you guys how you can work on this case , and which tools should i use. any recommendations

Read other answers
RELEVANCY SCORE 62.8

We have 3 staff machines within the building that lose shortcut icons from their desktop every now and again. They do not lose them at the same time either. It is intermittent for all 3 machines.

The shortcuts that are lost are those linked to files on our server (networked storage). They do not lose the icons for software local to the machine.

All machines are exactly the same make and model so all hardware the same. They also run the same Operating System, Windows 7 Professional 64 bit (Service Pack 1). None of the other machines in the building seem to have the problem.

All machines are connected via a network to our server. This used to happen with the same 3 machines with our old server. It has also continued since we switched to the new server.

Read other answers
RELEVANCY SCORE 54.8

Hi Everyone, I would like to share this HijackThis and an MBAM log to see if there is anything pernicious there. My pc was hacked and my email, game accounts were all violated. I took the following steps prior to aquiring the HijackThis log which were:
1- Used ATF Cleaner, 2-Ran Ad-Aware, 3-Spybot Search+ Destroy,
4- Mbam 5-full virus scan (Norton).
Thanks in advance for any advise
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:13, on 22/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Med\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\w... Read more

Read other answers
RELEVANCY SCORE 54.4

Good Afternoon,
 
I support external properties via remote IT support.  We are building VPN tunnels and joining all computers to our domain.  During this process we have seen several computer affected with multiple SVC Host instances.  This system has 14 instances.  I posted earlier for another machine.  What is the first step to gathering logs that can be analyzed?

A:Another machine affected with multiple SVC Host Instances

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559344 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

US-Cert alerts Apple users to install a newpatch for several vulnerabilities:Apple has released Security Update 2006-003 to correct multiple vulnerabilities affecting Mac OS X, Mac OS X Server, Safari web browser, Mail, and other products. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Impacts of other vulnerabilities include bypassing security restrictions and denial of service.http://www.us-cert.gov/cas/techalerts/TA06-132A.htmlRegards,John

A:Apple Mac Products Affected By Multiple Vulnerabilities

What's sad is Apple left a bunch of known critical vulnerabilities un-addressed. And right on the heals of those there is another new vulerability with how OS X handles TIFF files. You can read the article here (please post comments back here at BleepingComputer.com).

Read other 2 answers
RELEVANCY SCORE 54

My helper referred me to this forum. I have posted a link to that thread below:Infected ComputerI ran a full scan with Malware byte before I sought out help. It found two Trojans and deleted / quarantined them. copied and pasted part of the log below:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.Mcafee Real-Time scanner won't turn on or scan, my computer crashes a lot now and I get an error message when I try to run most of my programs.below are the logs the forum requests:.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by name at 12:38:14 on 2011-12-04Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1513 [GMT -6:00].AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *Enabled* .============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS&... Read more

A:Trojan Infection that affected the registry

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430948 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 26 answers
RELEVANCY SCORE 54

I keep getting spyware called abetterinternet.aurora and virtumonde. I have updated and run spybot in safe mode and fully booted up, but the problem keeps coming back I have run symantec antivirus (which comes up with nothing) in safe mode and when fully booted up.

i get tons of pop ups and then my symantec autoprotect pops up and notifies me that:
it deleted downloader 10_swp[1] and win7cc.tmp. It also deleted downloader.misleadapp with a file name of gos7d7.tmp
it aslo quarantined win7d2.tmp

as soon as i reboot everything starts happening again and I get similar notifications from symantec. another symptom is that my desktop icons disappear.

I downloaded virtumonde removal tool from symantec but when i run it it says virtumonde isnt on my computer. however spybot finds it and fixes it only to have it return again.


I believe the infection i have is called msiconf.exe but not sure. As soon as I start to use IE thats when everything freezes up, viruses get picked up by symantec auto protect and I have to reboot.

my hijackthis has also been affected. Im able to do a scan but when I try to save a log the program just closes.

Any help would be greatly appreciated. Thanks!

A:Infection Also Affected My Hijackthis Logs?

Hello elroy325,

Welcome to Bleeping Computer

Try this : Go look in your HijackThis folder, and rename HijackThis.exe to something else, like popcorn.exe. The try to run it and save a log.

Thanks,
tea

Read other 9 answers
RELEVANCY SCORE 53.2

I have recently assembled my computer. During normal non-gaming use, I have yet to have any type of issue or problem. However I have had numerous stability issues while gaming and have yet to determine a cause, so I'm hoping to get some assistance.

While gaming, I have had occasional Blue Screens of Death and frequent crashes to desktop. Unfortunately, I haven't noticed any pattern on what typically causes these issues to happen, and so it has been difficult for me to diagnose it. I may play for an entire day without issue, but more frequently I would have several instances in a day. This seems to affect all games that I play & have tested (most of which are on Steam: Civ 5, Skyrim, Empire and Shogun 2 Total War). Oddly enough I haven't had an issue with Diablo III, which led me to believe for a time that it was a Steam issue; however, I've recently purchased Starcraft II and have had CTD's with it too.

Over many weeks of trying to figure this out myself, I had attempted to uninstall/reinstall the games affected, the graphics drivers (which I thought were the issue initially given that it was limited to gaming issues only), and drivers for all parts of the computer. At a certain point, I decided to reinstall Windows and the newest drivers (with no other software), but to no avail as the issue persisted, leading me to believe I've got a hardware gremlin.

I've also tried letting MemTest86+ have at it for a few hours (no errors) and replacing the graphics card for a few d... Read more

A:Random problems only while gaming (BSOD, CTD); multiple games affected

Your crash dumps are not showing any finite probable cause. In such a situation, it is better to enable Driver Verifier to monitor the drivers.

Driver Verifier - Enable and Disable
Run Driver Verifier for 24 hours or the occurrence of the next crash, whichever is earlier.

Test your RAM modules for possible errors.
How to Test and Diagnose RAM Issues with Memtest86+
Run memtest for at least 8 passes, preferably overnight, per RAM module per slot.

Let us know the results, with the subsequent crash dumps, if any.

Read other 4 answers
RELEVANCY SCORE 53.2

Hi,i have 3 ThinkPad's L480 that are not charging in the Ultra Dock's.Depending of the used Power Supply (135W, 170W) Lenovo Vantage shows a installed Power Supply with 65W or 90W. The battery is not charging, at the end of the day most of the ThinkPad's are running low on battery. All firmware for ThinkPad and Ultra Dock is up to date, all Windows Updates are installed.Problem has been tested with Lenovo Windows Image, Clean Install and Custom Install. And i am not the only one with this problem, Lenovo has no idea what to fix her. How can i tell the ThinkPad to charge the battery while sitting in the Docks ... ? On Friday Lenovo told me that the ThinkPads are not compatible with the current Ultra Docks !!

Read other answers
RELEVANCY SCORE 53.2

Hi,
 
     I run a personal server, for my own personal use, using Windows Server 2008 R2.  I have been racking my brain for the last week trying to figure out what is going on with my doman and figured I would stop here and see what you all think.  I am getting weird redirects and some of my programs are unable to connect.  I am including pictures to show what is going on.  First thing is, when I try to open facebook or some other sites I get hit with the following three things shown in the pictures below.
 

 
 
I know these are fake because I meticulously keep my software up to date and the latest version of Adobe Flashplayer is 12.0.0.77.  When ever I try to connect to Google Hangouts I get the following.

 
When I try and open TeamViewer to connect to my other computers I get this.

 
When I start up my Google Drive program it won't connect as shown below.
 

 
I have ran multiple scans on my systems with Microsoft SystemCenter 2012 Endpoint protection and Malwarebytes.  Malwarebytes found a suspicious item and cleared it once but ever since then it has come up empty and shown no issues even though this problem persists.  I have run TDSSkiller on the systems to no avail.  I have been unable to find out anything else and really can not afford to wipe all theee systems especially the server.  I appreciate any help you all can give me at this point as I am coming up bl... Read more

A:Multiple domain computer affected by same issue including server

anyone that can help me at all?

Read other 3 answers
RELEVANCY SCORE 52.4

Well,
 
'm having so many issues I don't know where to begin... Maybe someone can help me identify this file/code?
 
Here is a the text from a file called bootmgr.exe.mui 
Located in c:\Windows\boot\PCAT
 
By the way, this is about the 5th time I've written this..,it keeps getting shorter and shorter.  My text keeps mysteriously getting highlighted and deleted. Or my browser shuts off,,,anyway...
 
 
 
MZ       ÿÿ  ¸       @                                   À   º ´    Í!¸LÍ!This program cannot be run in DOS mode.
$       ÝôÙ™|šŠ™|šŠ™|šŠ‡.Š˜|šŠ‡.Š˜|šŠRich™|šŠ                        PE  L RšîH        à "!          ü                                ... Read more

Read other answers
RELEVANCY SCORE 52.4

Hi,

We have a network of WiFi access points and a lot of them are on Channel 13 ( we are located in Europe so these channels are allowed to use ). 
Recently, we started getting complaints from different users that they are not able to connect to our access points. The users use different brand computers ( HP, Asus ) and different brand of WiFi adapters ( realtek, atheros) and are using either
Windows 7 or Windows 8. The only thing in common is that they recently installed Microsoft Windows updates. 

The SSID is public (not hidden), they all were able to connect to the SSID before the updates. Currently, they can't even see the SSID in the network list. If we install some 3rd party tool to scan the networks on the computer - it does see the
ssid. If we boot up from a livecd - it also does see the network. If we put the WiFi on channel 6 or some other lower channel - they are able to see the network, but not on channel 12-13. So this is definitely something related to windows update. Are there
any known issues with this? How can this be fixed? Any workarounds available? 

Unfortunately, these notebooks belong to our clients and we can't replicate the issue on a few of our own notebooks we tried. I would try to deinstall each update until i find out which one makes the wifi broken, but still waiting for a customer
to sacrifice his notebook to me for a day or two to find this out.


P.S. Changing the wifi channel to something other than 13 is _n... Read more

Read other answers
RELEVANCY SCORE 52.4

Hello All,
 
Before posting I want to say that I am a long time lurker of this forum and the site in general. There has been so much useful information found on this site ver the past few years and would like to say thank you.
 
Anyways, recently I have been dealing with multiple machines showing up under AVG admin console saying that C:\windows\taskshost.exe shows up as infected. I'm assuming that something else is going on and using taskshost.exe as the local resource. I've tried running and cleaning the machines multiple times but come up with nothing. Then, I get a letter from their ISP saying that they are blacklisted because spam as been originating from their IP address. This is the quote I got from the ISP:
 
GameOver Zeus (GOZ), a peer-to-peer variant of the well-known bank credential-stealing Trojan Zeus malware, uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. GOZ is primarily used by cybercriminals to harvest banking information, such as login credentials, from a victim's computer. To date, GOZ activity has led to the loss of millions of dollars through fraudulent Automated Clearing House (ACH) transactions and wire transfers. Infected systems can also be used to engage in other malicious activities, such as sending spam or participating in distributed denial-of-service (DDoS) attacks.
 

 
So, I'm assuming that the two issues are related. After redoing an invento... Read more

A:Multiple Machines Infected on LAN

Hello this will be better resolved with a repost and a DDS log from the Main machine.Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 1 answers
RELEVANCY SCORE 52.4

I upgraded from Windows 7 pro 64 bit to Windows 8 pro 64 bit on two computers and all went well for a day. After that I get the BSOD on both machines at least 8-10 times each day. I called the Windows help desk and was less than satisfied with their analysis skills since they did not even seem to care about looking at the DMP file even after I mentioned it several times. I zipped the dmp file in case anyone can read it. Thanks in advance.

A:BSOD on multiple machines

Welcome
I have just resolved this idential problem three times already today. You must uninstall your current anti virus and use the built in Microsoft Security Essentials/Windows Defender. Start with a restore point first, so that you can go back in the event of problems.

Read other 8 answers
RELEVANCY SCORE 52.4

Hi;
I'm new to this and this is my first question. I am trying to connect two fax machines to one dedicated fax line. Is it possible to connect a free-standing HP Laserjet 3330 and a system controlled Brother 5-in-1 MSC5440CN to one dedicated line without interfering with one another? I would like one in one office and another in another office. Does anyone know a way to do this? I would appreciate any help you may be able to offer.
Thanks,
Sandi
 

Read other answers
RELEVANCY SCORE 51.6

Hi, i'm new here, already tried to search the site for help but can't find what i'm looking for. I have 3 computers that I have already reinstalled Xp on them. Problem is they wont validate because the disc that I used came with another computer and i'm using the product key off the computers that I was reinstalling XP on, and when I go to validate them the product keys obviously dont work because they are suppose to be used with the OS that they came with. I did not know this until it was to late. So my question is, is there a xp disc, software that I can use to put on my computers and then use the product keys that are on the case to validate. I also just bought a win7 full version, both 32 and 64 bit disc that I have put on my laptop. So could I use the Win7 disc and just buy the product keys if the the xp option doesn't work?

A:Using Single Xp OS disc on multiple machines

Welcome here.

I couldnt get you clear in your previous post.

You installed XP with the same key to 3 machines and when you went to validate, it isnt validating.You would buy a new win XP but still not willing to reinstall the XP. you are looking for a software so that you could just update the key on the already installed xp rather than installing all over again and validate. If this is what you want, give a reply, will let you know the solution.

Read other 15 answers
RELEVANCY SCORE 51.6

Hello,
We are currently facing issues with around 1500 Windows 10 systems that seem to have vcredist 2013 x64 corrupted and apps that use this component fail to install due to the below error.

Product: Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 -- A later version of Microsoft Visual C++ 2013 x64 Minimum Runtime -12.0.21005 is already installed.
Is there a possibility to use MicrosoftProgram_Install_and_Uninstall and deploy a script for it to remove just Microsoft Visual C++ 2013 x64 Minimum Runtime?
We have tried force uninstalling with the installation setup of vcredist via cmd, but that does not work.
Thank you!

Read other answers
RELEVANCY SCORE 51.6

Hi guys

I have a classroom that we need to log in as a local admin (the exam software needs administrator privelidges to work correctly) and I was wondering if anyone could come up with a solution to save me having to go to each machine and log them in indevidually. Ideally I'd like to be able to do this all remotely.

A:Login multiple machines remotely

what about vnc? i think i remember seeing that software on the computers when i was going to school. you would still have to log into every computer but you could do it all without having to leave your computer. vnc shows whatever is on the screen of the computer that it is connected to.

Read other 3 answers
RELEVANCY SCORE 51.6

Hi - We are finding multiple machines (setup identically) with BSOD appearing at different sites, whilst running out own application, need some help with interpreting the dump files which are attached, if anyone can point us in the right direction?

Tried using different brand machines but same error occurs, though this is limited to W7, XP did not suffer this issue.

Thanks again for your help - Sam

A:Regular BSOD on Multiple Machines

Code:
BugCheck 44, {fffffa80035d6010, 1d7b, 0, 0}

Probably caused by : srv2.sys ( srv2!Smb2FreeResponseBufferForAsyncCall+1c )

Code:
Usual causes: Device driver(s)
Run Driver Verifier to scan for any corrupted drivers which may be causing problems, this program works by running various stress tests on drivers, in order to produce a BSOD which will locate the driver; run for least 24 hours:Driver Verifier - Enable and Disable


   Information
Additional Help - Using Driver Verifier to identify issues with Drivers

Scan for any missing, modified or corrupted protected Windows files with:SFC /SCANNOW Command - System File Checker
Remove:


Code:
Start Menu\Programs\Symantec
Start Menu\Programs\Symantec\Symantec pcAnywhere
Symantec software is known to cause BSODs, Windows has it's own native Remote Desktop Connection available here:Remote Desktop Connection (RDC) - Network
Install and perform full scans with:Malwarebytes : Free anti-malware download
Microsoft Security Essentials | Protect against viruses, spyware, and other malware


   Information
Remember to install the free version of Malwarebytes not the free trail; untick the free trial box during installation. MSE is the most lightweight and compatible with the Windows 7 operating system

You can also view this thread for a complete free and lightweight security protection combination:Good and Free system security combination.

Read other 1 answers
RELEVANCY SCORE 51.6

We have multiple users in our environment that have been getting BSOD's with corrupt dump files. They all point to 0xCA_2 and they are not doing anything specific when it happens. We have full dumps enabled so it will take very long to upload/download. I have copied the results of the debugger below. If someone can give me commands to type in, I can post my findings....

Kernel Complete Dump File: Full address space is available
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff800`02a64000 PsLoadedModuleList = 0xfffff800`02ca9670
Debug session time: Mon May 21 09:15:05.809 2012 (UTC - 4:00)
System Uptime: 2 days 23:48:27.005
Loading Kernel Symbols
...............................................................
................................................................
.........................................
Loading User Symbols
Loading unloaded module list
....................................
*******************************************************************************
* *
* Bugcheck Analysis *
* ... Read more

A:BSOD 0xCA_2 on multiple machines

Sorry, forgot to add that this is on X64 Enterprise on Lenovo T410S

Read other 2 answers
RELEVANCY SCORE 51.6

Problem: 500 XP machines, 550 Users, 20 Printers, in a building the sizes of 4 football fields. Users are on a standerd desktop, (for the most part). Roaming profiles are in use, (for the most part). Users will move from one machine to another. Using Roaming profile, you can keep thier drives mapped, however, when they print, they need to print to the closest printer.

Question, How do you get the machine to use the closest network printer with roaming profiles?

Thank you
 

Read other answers
RELEVANCY SCORE 51.6

i bought windows 7 for my laptop and my mom has a dektop running windows vista i wanna know is it possible for me to use my windows seven disk on more than one computer useing the activation code and everything when it asks for my activation code will it not let me install windows 7 on her computer because i have already used the activation code when i installed it on my personal laptop pc. Thanks

A:can you install windows 7 on multiple machines

  
Quote: Originally Posted by bigboi972


i bought windows 7 for my laptop and my mom has a dektop running windows vista i wanna know is it possible for me to use my windows seven disk on more than one computer useing the activation code and everything when it asks for my activation code will it not let me install windows 7 on her computer because i have already used the activation code when i installed it on my personal laptop pc. Thanks


I like short answers.

Nope, activation codes only work on one Machine at a time (if Seven came with a PC it can only be installed on that PC) and installing it on another machine would be illegal and against the EULA anyway.

Oli

Read other 3 answers
RELEVANCY SCORE 51.6

Hello.

Looks like we are going to roll out W7 on multiple machines. We have approx. 38 identical machines (XP) we want to install this too. I know we need to back up the data then do a "Custom" install, and reinstall the programs, but has anyone used anything that will speed up the process (SUS, Ghost, etc).
Oh, and would it be best to roll these out prior to our W2008R2 roll out, at the same time or W2008R2 first?

Thanks for any and all suggestions.

SMC

A:Install On multiple Machines at the same time

HK

have you tested win 7 extensively in your environment. Networking, sharing, compatibilty with core apps?

For 38 machines its really not that bad. You can create images (ghost or acronis) you can also slipstream the upgrades and make it unattended. that number of machines can be done easily over the weekend with a little help.

Let me know if I can help, or if you have questions

Ken

Read other 7 answers
RELEVANCY SCORE 51.6

Hey there

I have an ADSL connection, with a wireless router attached. Then have two laptops both connected via the wireless connection. When they are both being used, they usually cause an IP conflict causing one to drop the connection. I beleive this is because my connection has dynamic IP and both machines are trying to connect directly.

One laptop is my work machine and the other is my wifes home machine. Neither machine is on all the time so I havent tried setting up the internet connection sharing.

Any suggestions on how to set this up? I am thinking of using an old PC box as an always on directly connected to the ADSL line and then sharing the connection through there. If that is an option, what kind of specs should it have? Or is there an easier way?

Thanks!!!
Lon
 

A:Dynamic IP, multiple machines causes IP conflicts

Read other 6 answers
RELEVANCY SCORE 51.6

Hi everyone,
 
Got some irritating errors here happening across multiple machines in the same manner. Errors are not restricted to any particular software but feature heavily on Thunderbird, Word and Excel.
 
Example 1

Faulting application name: thunderbird.exe, version: 38.1.0.5666, time stamp: 0x559c1ed7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x289ff838
Faulting process id: 0x1938
Faulting application start time: 0x01d0cfc06bb9ae4b
Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Faulting module path: unknown
Report Id: a7c398f2-3bce-11e5-b879-00249b03bd8a
Example 2

Faulting application name: WINWORD.EXE, version: 12.0.6726.5000, time stamp: 0x559b6b88
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0ccafac2
Faulting process id: 0x1a14
Faulting application start time: 0x01d0d3aed60ff35e
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Faulting module path: unknown
Report Id: 99c794f3-3fa2-11e5-bd22-00249b03bd8a
Related error, example 3

Faulting application name: WINWORD.EXE, version: 12.0.6726.5000, time stamp: 0x559b6b88
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x0b51fbfe
Faulting process id: 0x1bbc
Faulting application start time: 0x01d0bf7daf105693
Faulting application path:... Read more

A:Irritating errors, multiple machines.

Well, I can tell you that 0x5 error codes are "Access denied", which means that the process encountered an error due to not having enough permission on a certain task and it crashed. Does it happens across multiple userprofiles, or just one?

Read other 8 answers
RELEVANCY SCORE 51.6

Hi All,

Not sure this is the right spot but here goes. I have my own business, domain name, etc. I use multiple machines - laptop, workstation & handheld (iphone3GS). Is there a way to to have all my email, calender and certain directories of files, etc stay synchronized across the laptop and workstation? Also, it would be nice to have the email and calendar synch'd with the handheld as well. I used MS office 2007 on a win 7 laptop and a Win XP 64 workstation.

I currently have a pop email protocol but I believe I could switch it to IMAP (of which I know nothing) if that could help.

Any help or a link or a search criteria would be much appreciated.
Thanks,
Billmce

A:Better organized....multiple machines and email

I had more or less the same requirement, and settled on syncing.net as a solution between laptop and workstation; I sync my Nokia smartphone to the workstation using Nokia's own (pretty poor to be honest) software. Syncing.net works well for me

Read other 9 answers
RELEVANCY SCORE 51.6

Hello all.
I have been thinking of how can I make MBSA scan reports for multiple machines.

As of now I've been looking report from GUI only, but it is too much time taking when you have to make a summary of missing updates of around 200 computers at a stretch.

Can someone throw some light on mbsacli options to generate reports for remote scanning from a server. I read that detailed report cannot be generated using
mbsacli for multiple machines scan. If anyone can provide a command for generating report (incuding all the details available in GUI) for a single host, I can create a batch script to do the rest.
P.S.- I am using MBSA for remote bulk scans, not local scans.

Thanks,
Kriss

Read other answers
RELEVANCY SCORE 51.6

I have 2 desk units hardwired to a belkin wireless router that is connected to comcast cable. I want to assign each machine a unique IP address so that they can each be accessed from outside via the internet. One will actually have a domain name assigned to a specific program.

How do I do this?
Thanks in advance
 

A:Multiple machines on wireless router

Read other 6 answers
RELEVANCY SCORE 51.6

I've got two Win 7 machines that don't have working online Help and Support.
One is my signature machine with Win 7 Pro 32-bit, the other is Win 7 Home 64 bit.
The 32-bit machine is updated monthly. The 64-bit machine hasn't been updated since before Win 10 was released.
Both machines are connected to a common Linksys router to my DSL ISP.
When switched to Offline Help, I get results. Online help, nada.
I did search this problem here on Seven Forums and at Google, but no solution was ever found.
The fact that it's TWO rigs affected is making me wonder if Microsoft has shut down online help for 7.
No viruses, no malware, sfc /scannow was run on both machines with no errors found.

Does anyone have any ideas what's going on? I'd appreciate any input.

A:No online Help or Support on multiple Win 7 machines

Yes on line support has finished. It finished in Jan 2015. This PC magazine article will explain it for you.

Mainstream Windows 7 Support Ends Today, But Don&#39;t Panic - Operating Systems and Platforms - Reviews and Price Comparisons from PC Magazine

Read other 1 answers
RELEVANCY SCORE 51.2

Purchased new laptop loaded with Windows 10 Pro which cannot see the Windows server 2008 R2 or map a drive on network. Can see all the 32bit workstations running Windows 7.  Upgraded Windows 7 machine to Windows 10 with the same result except the
mapped drive on server still works.
Can anybody help me

Read other answers
RELEVANCY SCORE 51.2

Hi all,
Just a bit of background...

I have recently taken over as IT support for a small school.

The school wants all the PC's re-imaged (Win 7 Pro... checking tomorrow if 32 / bit)

All PC's running on school domain to a local Server 2008 

There are no images available on the network and the old IT company is un-contactable.

Each PC has it's own Product Key label.

My question: Is it possible to get a 'blank' (ie. no Product key) Win 7 ISO, put it on the server, and then reinstall Win7 on each PC.... once installed (or during installation) we can enter Product key.

Many thanks!

Read other answers
RELEVANCY SCORE 51.2

I have been asked to create a scheduled task for machines in meeting and conference rooms that reboots them after 4 hours of inactivity.
I have the xml file exported from my own machine, but I can't find a way to allow this to import via script that doesn't need the target system name.
Is there either a way to import a single task into multiple machines withouth having to edit the script for each OR a way to add a task via a registry edit?

Read other answers
RELEVANCY SCORE 51.2

Hi there

I'd really love a keyboard that had say 4 buttons on it --like Fn buttons that would switch output to any one of 4 machines -- such a simple idea but why nobody hasn't yet got one out on the market I can't understand it

I'm really FED up with messing around with two / 3 physical keyboards and I don't want a USB switch box on my desk.

All the keyboard would need is 4 USB outs (or 4 receivers for wireless) the active connection being made by a key press on the keyboard. In fact the only difficulty would be the right receiver for the wireless transmitter but that is easily solved by say a different colour key on the keyboard and an id (same colour) on the receiver.

I'm sure some of you testing several machines on a workbench have faced similar problems of multiple keyboards.

Any budding entrepreneurs out there --I'm sure loads of you have felt a need for this type of keyboard. Maybe there is one - but not seen at all !!.

Any engineers -- any idea how I could even consruct one --I'm quite handy with a Soldering Iron etc.

Cheers
jimbo

Read other answers
RELEVANCY SCORE 51.2

Hi all,
Just a bit of background...

I have recently taken over as IT support for a small school.

The school wants all the PC's re-imaged (Win 7 Pro... checking tomorrow if 32 / bit)

All PC's running on school domain to a local Server 2008

There are no images available on the network and the old IT company is un-contactable.

Each PC has it's own Product Key label.

My question: Is it possible to get a 'blank' (ie. no Product key) Win 7 ISO, put it on the server, and then reinstall Win7 on each PC.... once installed (or during installation) we can enter Product key.

Many thanks!

A:Install from server to multiple machines using 'blank' ISO

It appears I was able to get an ISO using the 'Windows ISO Downloader'

I can get into WinPE on each machine by hitting F* key (forget what it was) - I was able to choose 'Reinstall Windows' (or similar) and I can connect to the Server2008 machine without issue.

Can I now just pop the ISO in there? (Or should I extract the ISO and put it in a folder on the Server 2008 machine?)

During re-installation, i'm happy to have to manually enter the hostname / domain to connect to on each PC which i'm reinstalling. I know it will take a while but it's only about 30 PC's so i'll get over it.

Read other 1 answers
RELEVANCY SCORE 51.2

I hope this is an easy one.

I maintain WAY too many e-mail addresses (like most of us), but I have two accounts that I need access to on all of my machines. I know I can configure the mail application to leave messages on the server so I can check (and delete) them from another machine later, but how do I keep OE from downloading the same message over and over?

If I want to check my personal mail account on my work machine, but be able to download the mail at my home, how do I check my accounts at regular intervals without having many copies of the same messages at work?

There has to be a simple solution that I am missing.
 

A:Solved: OE6 Mail Configuration For Multiple Machines

Most ISPs have a web mail service. I have Earthlink and can check my mail on the internet and if I want to read or delete the mail before I download it to any of my computers, I can do so from the web.
 

Read other 2 answers
RELEVANCY SCORE 51.2

I am looking psexec commands to install exe
scenario:
I had copied source folders \\server1\test  into  designation (C:\windows\test) via PowerShell
now I am looking psxec complete command to run exe on remote machines (remote machines will take from txt file)
PSEXEC syntax or command  to run exe on multiple machines 

Read other answers
RELEVANCY SCORE 51.2

Hi There
I need to help a company wipe 18 HP branded Desktops and most of them are with 500GB SATA HDD of 3.5inch.

What is the best way of doing this as the company need me to make sure the Data is securely wiped and need something like a Low level format like copying zeroes.

Also I need to provide them with a report that the Data was securely wiped.

I need to do this in around 5 hours and this also need to be taken in to consideration.

thanks
Lakshan.

A:Data wipe in multiple Desktop machines

Depends on how sensitive and likely to be searched for by a future user the data is .

Something like Partition wizard bootable disk/USB could completely wipe at partition level which may be sufficient for secure wipes

Another alternative is 2015: How to securely erase hard drives (HDDs) and solid state drives (SSDs) | ZDNet

The only true secure wipe is complete physical destruction of the drives

Read other 1 answers
RELEVANCY SCORE 51.2

I just got this problem on 2x Win7 and 2x Win8 machines today. (20 other machines are ok)
 
All happened within 1 hour of each other.  multiple 30-60sec freezes with any and all programs (all office, trillian, notepad, firefox, ie, chrome, file explorer.... etc) in normal (not responsive showing up in titles). explorer.exe would crash multiple times as well.
 
Works perfectly fine in safe mode .
 
ran the following (in safe mode with networking)
 
rkill (found nothing)
tdsskiller (nothing)
adware (nothing)
malwarebyte (nothing)
malwarebyte rootkit scanner (nothing)
eset online (nothing)
 
I then ran Temp File Cleaner, but didnt help a bit.

A:all programs randomly freeze (multiple machines)

It was bit defender that was causing the problem. Uninstalled it and everything when back to normal

Read other 1 answers
RELEVANCY SCORE 50.4

Hello all,

I'm encountering a very strange and frustrating problem with some of my Windows 7 machines... I'll attempt to explain this as fully as possible, please let me know if any knowing any other information will be helpful.

I recently started a subscription with Comcast for a 50mb Down/10 mb Up high speed internet service.
I am using 3 different websites to analyze the download speed of this connection on multiple computers (speedtest.comcast.net, speedtest.net, speakeasy.net/speedtest).

The issue is, the 50mb download speed works for some of my machines but not for others.

The following machines receive the full 50mb (or higher) download speeds when checking with the above sites:
MacBook Pro
Acer Aspire One - running Ubuntu Linux
Dell Latitude E5410 - Windows 7 Enterprise

When I try this with my other Windows 7 machines, I get results of less than 10mb down. These machines are:
ASUS G73 - Windows 7 Home Premium 64bit
Dell Latitude E6400 - Windows 7 Enterprise

These tests were conducted with direct hard line hookup to the modem, no router.

I know for a fact that the service is working at full capacity, since I get the full download/upload speeds with the 3 machines. But I cannot figure out why the other two are more than 80% slower.

All of the firewall settings are identical across the Windows 7 machines.

I tried starting my my ASUS machine in safemode, to see if some particular process was slowing things down, but the slower internet speeds remained.

Needles... Read more

A:Vastly inconsistent bandwidths across multiple Windows 7 machines

Have you tested since? Any results? It'd be good to know if it was consistent or not.

Read other 5 answers
RELEVANCY SCORE 50.4

Basics: Windows 2003 Server with a domain behind Cisco 1811 router/firewall.
Primary Domain Controller and Secondary Domain Controller both Win 2k3. 30 workstations. Active Directory setup with roaming profiles. No proxy server.

Affected Workstation: Windows XP SP3 with IE8. Rebuilt TCP/IP stacks and Winsock on workstation. Removed and reinstalled IE. Listed 2 internal and 2 external DNS Resolvers in DNS tab. Can ping external IPs from command prompt.

Problem: I have a single user that can not log onto the Internet with IE8. No one else is having any issues. In the information bar at the bottom left when attempting to open Google (or anything else) it gives the "DNS Error.html" warning then displays "Website can not be opened". I can log this user off of the workstation, log on as admin or anyone else, and internet connectivity is no issue. If he logs onto a different computer that has no problems, he has the same issue of no connectivity. This would indicate that it is somewhere in his personal settings. How would I diagnos this or make changes in these settings so he can get on the internet? Or do I need to look somewhere else?

A:Single user can't connect to internet on IE8 on multiple machines.

Hello and Welcome to TSF!

See if resetting the Hosts File helps.

Also, please verify if you have any Proxy settings, if you do then remove it by following this guide.

An update will be appreciated.

Read other 5 answers
RELEVANCY SCORE 50.4

Hello,

My company purchases Dell Optiplex machines,
these BSODs have been happening about monthly on 5-8 machines all purchased at the same time which makes me feel it's not a hardware issue but a corrupt system image possibly from Dell?

Here are two computers BSOD files.

A:BSOD on multiple Win 8 Machines Dell ntoskrnl.exe Ntfs.sys

Debug Files reuploaded to original post

Read other 1 answers
RELEVANCY SCORE 50.4

Hello first post...

Was wondering if anyone has seen an influx of script errors in browsers recently. I've got about 25ish machines that for no rhyme or reason all seem to lock up for almost an indefinite period. It is happening in both IE and Mozilla and doesn't care what the machine specs or OS is. And for that matter the age of the computer. I have some 4 year old boxes doing it as well as ones we have just pulled out of the box and installed.

I'll post back if I come across anything I was just hoping someone else has run into this lately as well.
 

A:Solved: Browser script srrors on multiple machines

Read other 7 answers
RELEVANCY SCORE 50.4

I have today placed an order for 40 new machines for my place of work. All are identical in spec. We want to set up one machine and then ghost the image to all of the other ones. We have Norton Ghost 2003.

The machines will be running Windows XP Pro. All are network ready.

What is the way (and easiest way) to go about the Ghosting process as we have only perviously Ghosted images for Win95/98 machines and using an old version of Ghost (v 5 I believe).

All advice appreciated.
 

A:Norton Ghost 2003: ghosting to multiple machines

Read other 16 answers
RELEVANCY SCORE 50

Hi All, I've Deployed so far 3 Lenovo E580's using the April 2018 SCCM Package availiable on the Lenovo Downloads page for this, It all installs perfectly however I've noticed now with all three laptops the integrated camera is not working. Windows is not detecting a camera is installed on the system. Checking Device Manager, Integrated Camera is showing with a Yellow Warning Triangle when you try to update from Windows or from Location an error message is displayed 'The Install Class is not present or valid' I've removed the drivers and manually installed again and same issue persists.I've reinstalled USB Root Hub, No help.I've Updates BIOS and ran all the latest updates When Looking into Event Viewer i've noticed the class guid is showing as 00000 000000 0000 00000. I'm not running an N version of windows, this is on a 64 Bit Windows 10 Pro 1703. Any help greatly appreciated!!

Read other answers
RELEVANCY SCORE 50

So im all out of ideas on this one. We have a bunch of windows 7 machines that auto load a "student" AD account on boot. This account loads a mandatory roaming profile. For some reason the majority of the machines keep loading temporary profiles
and when i go to C:/users there are multiple student temporary profiles. I have checked to see if the profile was corrupt in the registry but that was not the case. Also the student password never expires and is only part of the domain users group. Any help
is greatly appreciated.

Read other answers