when I first came to this forum I was having a problem with "scvhost.exe" Application Error.

The application error window popped up saying:

"The instruction at "0x75606eb5" referenced memory at "0x000000008". The memory could not be "read".

Click on OK to terminate the program


But it does not terminate the application, "svchost.exe - Application Error" Pop up
keeps popping up.

I typed the message into yahoo search window and found you guys.


I read and followed all the instructions I found at evilfantasy's GUIDE to Getting Started.

I went thru steps 1 - 5 and the above problem went away.

However when I came to Step 6 - Hijack This -  I found out that I cannot OPEN

Local Disk (C:) -  When I click on the Local Disk (C:)  icon I get this message:

"Windows cannot find "RECYCLERS\S-7-1-10-1000016218-100016988.com'. Make sure you typed the name correctly, and then try again. To search for a file click the Start button and the click search."

When I right click to open (C:) a pop up message comes up with a red x and says C:/ cannot be accessed


Also when I try to open Internet Explorer  Windows installer keeps opening up and tries
to install "HP Smart Web Printing"  which is by the way already installed.

I cannot stop this action and unfortunately have to force my computer to boot down...



My questions is do I really need to change Hiajckthis.exe name in order to run the software
to get my report


I ran housecall in hopes that they might find something still in my computer so that i could
open Local Disk (C:)  and change the name on HiJackThis.exe.

After an hour or so of housecall running my computer crashed. So I installed and ran HighJack this
as is....

I attached two logs for MalwareBytes as I ran it and the SuperAvtiVirsus Program twice.

Both times MawareBytes found infections. Second time with SuperAntiVirus found nothing

[attachment deleted by admin]Welcome to CH.

Download ComboFix© by sUBs from one of the below links. Be sure top SAVE it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFixPretty awesome!  I now have access to my Local Driive (C:)

Still having the same problem with opening up IE: Windows Installer Starts and Keeps trying

to install:  "HP Smart Web Printing" 

But Now I cannot use firefox When I click on the firefox icon a window  pops up and says that
firefox has created an error and needs to close. I tried rebooting again with no luck.

I have no use of fire fox or IE.  Right now I am using Mozilla's "SeaMonkey"

Attached are the logs from running: ComboFix

[attachment deleted by admin]You may have to reinstall your printer software.


Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]:Processes
explorer.exe

:reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

:files
c:\windows\SET88.tmp
c:\windows\SET86.tmp

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

----------

Download Dial-a-Fix by djlizard, save it to the desktop then extract it to it's own folder.

• Open the folder and run Dial-a-fix.exe
• 2 windows will open. Close the one in the background labeled Restrictive Policies
• Check the box in section 1, Empty temp folders.
  
• Check the box in section 2, Fix Windows Installer.
  
• Check the box in section 3, Fix Windows Update.
  
• Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked
  
• Check all boxes in section 5, labeled Registration Center.
  
• Click Go
  
• OK any error messages if received, but write them down and post them here.
• Restart the computer when done.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it yourself.

• Double-click on drweb-cureit.exe and then click Start
• An information notice will appear, click OK.
• This starts a short scan that will scan the files currently running in memory.
• If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
• If or when something is found, click the Yes button when it asks you if you want to cure it.

• Once the short scan has finished, Click Settings > Change Settings
• Under the Scanning tab UNcheck Heuristic analysis and click OK
• Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
• Save the DrWeb.csv report to your Desktop.
• Exit Dr.Web Cureit.

• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

• After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
• Copy and paste that log in the next reply