on Stanley's sugestions, very comprehensive and welcome, however a
last reort for me, partly because it looks like they would take 2
or 3 days to work thru and partly because they seem to involve
uninstalling a lot of products and updates, and for a relatively
inexperienced user like me (i am guessing you have a sense of where
i am experience wise by now) this makes me nervous.
lopar said:was there anything on my last post - where i talk about the screensaver ? i
typed it once, lost it then typed it again, but its looking blank from this
end ?
i have also just run sfc, it didn't give me any info, so i assume all ok.
lopar said:i have had another thought, which i hope is not a source of great irritation
to you because i have only just thought if it.
the corruption only occurs on my profile - there are 4 profiles on the
system, 3 of which have admin rights inc mine (though no one else in the
house does any system stuff or downloads). this realisation made me think
about what the differences are between the profiles and the only difference
is that mine has a non standard MS product on it - a screensaver
hXXp://www . download3000 . c om/download_45524.html
it is available to all users but only activated on mine. plus i installed
it in May and have been encountering this problem for about 4 or 5 months (so
about right).
is it possible then that there is some weird interaction going on between
the s/saver and the defender /mrt updates (which are the only ones seeming to
cause the problem)? if so is it possible to keep the s/saver (which is
really rather nice) and also fix the problem do you think ?
i have also now run malwarebytes and it found a few things inc a trojan.
didn't look significant, but i wouldn't know....
on Stanley's suggestions, very comprehensive and welcome, however a last
resort for me, partly because it looks like they would take 2 or 3 days to
work thru and partly because they seem to involve uninstalling a lot of
products and updates, and for a relatively inexperienced user like me (i am
guessing you have a sense of where i am experience wise by now) this makes me
nervous.
lopar said:i'm sorry i don't know how to access the cbs.log?
lopar said:ok ran sas in safe mode, nothing except cookies found.. reran mwb and nothing
at all found.
ran search in explorer for cbs.log but nothing found with that name. search
included system files hidden folders and sub folders ??
did you see the mwb log i posted ?
very cryptic - like, what sort of damage?1PW said:I believe a reboot deletes the cbs.log file unless it's renamed before
the deletion occurs.
MBAM
Yes - I saw two Trojans and you also related the download3000 thing.
I was hoping for a better outcome. However, the other things you have
mentioned along the way leads me to believe that more serious damage
has taken place.
don't know what flatten and rebuild is but it sounds hideous.....If the malware removals by MBAM and Shenan Stanley's cleanup procedure
do not eliminate your repeating trouble, I believe a "Flatten and
Rebuild" procedure is the next reasonable step.
lopar said:Good news is that i have just downloaded KB915597 and no probs. If its
defender related then its not all defender updates. Won't know until 15th..It
sounds like you are running out of ideas to help further....
perhaps the
next step is to await 15 October therefore and see what happens then.
Thanks for your continued support.
Pl page down for other comments on your post.
very cryptic - like, what sort of damage?
i take it you advise me to uninstall the s/saver ? Is there any way to
retain it and fix the problem ?
don't know what flatten and rebuild is but it sounds hideous.....
as i said, Shenan's comments, whilst appreciated, may be a step too far for
me. I only get an hour or so between work and family commitments to do this
stuff - his "8 to 10 hours" post would be a big deal for me and would be
warranted only if there was a major system problem. At the moment, unless
there is something you are not telling me, its just an 'irritation' having to
restore so often. That is certainly not to say that his and your help isn't
welcome though.
lopar said:Every month, around the 15th, my profile settings are corrupted and I
have to do a system restore to get them back. The system generated
restore point immediately before this happens is labelled by the
system 'Software Distribution Service 3.0'. On looking into this it
seems that at some point I have accepted an EULA to download and run
something called Malicious Software Reporting Tool, and recently (a
few months ago) Microsoft announced that they would update this
program each month (the second Tuesday of the month) and it would
from then on automatically run a system check in the background for
malicious software. I checked on Google and there was one reference
to this potentially corrupting profile settings for users.
This would seem to be the cause of the problem therefore.
The solution on the Microsoft web page was to remove tool from the
automatic updates list, however this item is not listed on my
automatic updates (its not hidden either). I have therefore changed
my updates to notify me but not download or install. When the
program popped up a few days ago I did not therefore download it.
Yesterday however I did download a Windows Defender security update
(which I assumed was unrelated), however the system has now been
corrupted again.
Things I have done to try and fix this
1. Tried to remove it using add remove programs - it won't let you.
2. searched for the individual files in the directory to manually
delete them - they seemed to be system files and it wouldn't let me
3. I found a reference to this tool working in conjunction with
Windows Genuine Advantage, so I tried to remove that aswell as in 1
and 2 above - I did find some files but couldn't delete the main one.
4. did a registry search to try and find these files and deleted a few
entries to at least cause the program to fall over (I hoped), but
evidently that didn't work either.
5. checked my firewall (zone alarm) and blocked the malicious
software tool - no effect (couldn't find Software Distribution
Service in ZA so couldn't block that)
6. tried to find either program in the applications tray to disable
it there (control alt delete) but couldn't see it
7. tried to block it in Windows Defender (in the bit that lists all
programs running) but its not listed
8. contacted Microsoft help on email who were totally useless
9. tried to access their expert user (I assume a blog page) but the
system kept telling me my settings weren't right to access that
service. I changed the settings exactly as they suggested but I
still kept getting that message
10. in desperation rang them to enquire about paid support but they
told me they would charge £60 (even if it were a 2 minute job!). I
am not prepared to pay that for what is after all a Microsoft's bug !
The only other thing I can think of to do is to not download any
updates for Windows Defender either - assuming the 2 products are
related. However I won't know the outcome of that for another month
since it only happens once a month.
If it is still causing a problem then I can only assume that the
software is already installed and will run once a month anyway
without an update. If that's the case I need to know how to get into
the system files to disable it - surely there must be a way ??
Any help you can think of to give me would be very much appreciated -
I am certainly trying to fix it myself without asking anyone and have
spent many hours doing so, but I am at a dead end!
For info I am running Windows XP Home, SP3, with AVG and ZA.
Many thanks for your help.
Peter Foldes said:lopar
Do you have Zone Alarm installed? It is the cause of this issue.
Uninstall ZA before downloading the Malicious Software and any
Defender Updates. Best to remove ZA and use the built in Windows
Firewall which does a better job anyway