Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PLEASE HELP!


  • Please log in to reply
15 replies to this topic

#1 electronicallyblonde

electronicallyblonde

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 13 January 2009 - 12:46 AM

ok, so i have been having some troubles lately and i dont know what to do. my computer is a dell inspiron 1000 with windows xp. lately it has had super slow starts and just recently its been freezing up before i even click anything. my dad told me to turn off my restore points and then run mcafee. did that and deleted all the quarantined files and thought i was good. but it has just started again. i just tried to do a scan and some window popped up (i forgot all that it said but it was something about a program has ended) so i sent the report and the computer restarted. then i turned the computer back on and the screen was blue and said "you must restart windows to prevent further damage...technical info:***stop:0x0000008e(0xc0000005,0xf61f9398,oxf57d3158,0x00000000). so i guess my questions are 1)does anyone know what that means? 2)how can i get it to last a whole scan? 3)also during the scan a lot of files said mdm.inf, or mdmbug3.pnf...are these types of files bad? thanks in advance!

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:05 PM

Posted 13 January 2009 - 11:36 AM

mdmbug3.pnf
http://www.bleepingcomputer.com/filedb/mdmbug3.pnf-4917.html
mdm.inf
Seems to be a PC Tel modem driver
There is a chance it could be a virus. Let's find out. If you cannot do it in regular mode, try Safemode w/networking:

---------------------------------------------

The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 electronicallyblonde

electronicallyblonde
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 14 January 2009 - 02:41 AM

ok so i went on under safe mode with networking, i ran the scan and it found about 103 things. it was about 40 in the beginning and then the last part the number shot up! i cut and copied the report and then the computer restarted. obviusly i lost the results i copied, but i went bak in under logs and it didnt save the report there. so i ran the scan again just to see what i would get, and this is the report from the second one. i figured id send it before restarting so i dont lose these too. is there any way i can find the results from the first one?
Malwarebytes' Anti-Malware 1.32
Database version: 1649
Windows 5.1.2600 Service Pack 2

1/14/2009 2:41:17 AM
mbam-log-2009-01-14 (02-41-17).txt

Scan type: Quick Scan
Objects scanned: 70248
Time elapsed: 26 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9506910a-0f94-4ea1-b567-7070428b8b2b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6156a32a-c512-4e23-aa9a-2315f4265681} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{232d2677-68ee-4fa1-b988-279ebc8969ed} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1702984e-7f76-458b-a33a-a7b32a0dcc72} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\annie baby\Local Settings\Temp\445.tmp.exe (Trojan.FakeAlert) -> Delete on reboot.

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:05 PM

Posted 14 January 2009 - 04:57 PM

Don't worry about the lost log
If possible let's do this scan in normal mode
--------------------------

Please reboot the computer
Open MBAM and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan
After scan click Remove Selected, Post new scan log for review
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#5 electronicallyblonde

electronicallyblonde
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 14 January 2009 - 05:53 PM

well for the record i found the results from the first scan. i was in administator under safe mode and so i went under there again and got them. here they are if it helps with anything.
Malwarebytes' Anti-Malware 1.32
Database version: 1649
Windows 5.1.2600 Service Pack 2

1/14/2009 1:09:36 AM
mbam-log-2009-01-14 (01-09-36).txt

Scan type: Quick Scan
Objects scanned: 69053
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 50
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\hgGvtQGa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\ljJBqrRi.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4108c025-e7bf-48f4-b1f7-8b8d527d4fe9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4108c025-e7bf-48f4-b1f7-8b8d527d4fe9} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjbqrri (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{232d2677-68ee-4fa1-b988-279ebc8969ed} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{232d2677-68ee-4fa1-b988-279ebc8969ed} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggvtqga -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggvtqga -> Delete on reboot.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\oTt02e (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalwareGuard (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\hgGvtQGa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\aGQtvGgh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\aGQtvGgh.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ljJBqrRi.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\myss_sb_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\annie baby\Local Settings\Temp\winsinstall.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\annie baby\Local Settings\Temp\winvsnet.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\annie baby\Local Settings\Temporary Internet Files\Content.IE5\H6B2DSED\winsinstall[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalwareGuard\BL.dat (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalwareGuard\WL.dat (Rogue.AntiMalwareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\OLFi33dK.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\senekakoqorjdu.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\senekabcrxnkfi.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\{3a50139b-016f-d95f-cb2e-3cea4a6fbdb5}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\{3d804b33-65ea-c017-917e-86cac9466dd9}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\efcDUoOh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf37d8511.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMf37d8511.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\Think-Adz.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne Walker\Start Menu\Programs\Startup\Think-Adz.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anne Walker\Start Menu\Programs\Startup\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully.

#6 electronicallyblonde

electronicallyblonde
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 14 January 2009 - 08:43 PM

Here is the log from the full scan in normal mode.
Malwarebytes' Anti-Malware 1.32
Database version: 1653
Windows 5.1.2600 Service Pack 2

1/14/2009 8:31:31 PM
mbam-log-2009-01-14 (20-31-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 103961
Time elapsed: 2 hour(s), 19 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Ken\Local Settings\Temp\NI.UGA6P_1001_N109M1307 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Ken\Local Settings\Temp\NI.UGA6P_1001_N109M1307\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ken\Start Menu\Programs\Startup\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully.

I'm already noticing a difference in my computer because it is not freezing up at all and it is making it through these scans without shutting off. i was also having problems with mcafee before, as when i opened mcafee, it always said i was not protected, so i guess something was corrupting that too. so, do you have any other suggestions to improve the performance of my computer?

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 PM

Posted 14 January 2009 - 10:09 PM

Hello.

Those files MBAM flagged are "temporarily files" and the other one was a "baddy" which got quarantined. :thumbsup:

How is your computer running other than slowness?

System Performance are due to many factors, it could be the amount of RAM you have on your computer and the number of processes, startups or services you have running on your computer.

Increase System Performance

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

See if that helps a bit.

Run an Online scan to see if there's anything else that needs to be dealt with.

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with the Kaspersky log once it's complete.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 electronicallyblonde

electronicallyblonde
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 18 January 2009 - 01:09 AM

ok here is the report from the kaspersky scan. sorry it took so long. the computer is running much better. still a little slow but i still have to do all the other things you recommended, but at least it isnt freezing up and i can complete scan. I also havent had any of those annyoying pop-ups! I dont think i can say this enough to you guys, but thank you so much for taking time out of your schedule to help me have some peace of mind! you both have been a tremendous help!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 18, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 18, 2009 02:14:03
Records in database: 1639432
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 55112
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 02:05:52


File name / Threat name / Threats count
C:\Documents and Settings\Anne Walker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-519e363a-5407fd75.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\annie baby\g5.exe Infected: not-a-virus:AdWare.Win32.Agent.eqz 1
C:\Documents and Settings\annie baby\gside.exe Infected: not-a-virus:AdWare.Win32.BHO.cdk 1
C:\Documents and Settings\annie baby\Local Settings\Temp\445.tmp Infected: Trojan.Win32.Agent.bfnz 1
C:\Program Files\Windows NT\progyca.html Infected: Trojan-Clicker.HTML.IFrame.dn 1

The selected area was scanned.

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 PM

Posted 18 January 2009 - 11:42 AM

Hello.

Glad your computer is running better. Kaspersky found a few items we should take care of.

An Infected java cache was detected better remove it and a temp file and a website. We will remove it.

Create and Run batch script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".

    @Echo off

    For %%a in (
    C:\Documents and Settings\Anne Walker\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-519e363a-5407fd75.zip I
    C:\Documents and Settings\annie baby\Local Settings\Temp\445.tmp
    C:\Program Files\Windows NT\progyca.html
    ) DO (
    del /q /s %%a
    )

    Exit

    Del %0

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input removal.bat.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .bat file.

Double click on removal.bat, and Black DOS window shall appear and then disappear. This is normal please do not panic. After that it will disappear.

That batch file you created deletes the files that were infected.

Anything else you want to ask? Everything seems okay now.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 electronicallyblonde

electronicallyblonde
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 19 January 2009 - 10:56 PM

the only other thing i am having problems with is when i go to defrag my computer, it says i have only 12% free space. i know a lot of that is pictures so im trying to get them off my computer. but a lot of them are fragmented files. do you know any way to delete them?

#11 electronicallyblonde

electronicallyblonde
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 19 January 2009 - 11:57 PM

this is the report i got back when i analyzed the c drive for the defrag. how can i delete these things, if possible?


Volume (C:)
Volume size = 25.72 GB
Cluster size = 4 KB
Used space = 23.12 GB
Free space = 2.59 GB
Percent free space = 10 %

Volume fragmentation
Total fragmentation = 11 %
File fragmentation = 20 %
Free space fragmentation = 3 %

File fragmentation
Total files = 51,052
Average file size = 818 KB
Total fragmented files = 1,061
Total excess fragments = 15,774
Average fragments per file = 1.30

Pagefile fragmentation
Pagefile size = 336 MB
Total fragments = 36

Folder fragmentation
Total folders = 5,589
Fragmented folders = 25
Excess folder fragments = 279

Master File Table (MFT) fragmentation
Total MFT size = 91 MB
MFT record count = 57,141
Percent MFT in use = 61 %
Total MFT fragments = 2

--------------------------------------------------------------------------------
Fragments File Size Most fragmented files
7,987 499 MB \Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-3895149624-824023418-3409356266-1006.log
1,281 112 MB \Documents and Settings\Ken\My Documents\My Pictures\Medford Care Center\Kens 045.avi
637 48 MB \Documents and Settings\annie baby\My Documents\My Videos\Summer Jam '07.wmv
501 31 MB \Documents and Settings\Ken\Local Settings\Temp\{FD6243E2-7CC6-45AD-966B-A54DDE7E10C6}\Sony Ericsson PC Suite.msi
328 45 MB \Documents and Settings\Ken\My Documents\My Pictures\Medford Care Center\End of the world.avi
269 47 MB \Documents and Settings\Ken\My Documents\My Pictures\Kens 051.avi
147 36 MB \Documents and Settings\Ken\My Documents\My Pictures\Medford Care Center\Kens 048.avi
144 576 KB \WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e
129 21 MB \Documents and Settings\Anne Walker\My Documents\My Music\Dave Chappelle - Piss On You.mpg
97 6 MB \Documents and Settings\Anne Walker\My Documents\My Music\Toby Keith - I'll Never Smoke Weed With Willie Again.mp3
93 31 MB \Documents and Settings\Ken\Local Settings\Temp\71d9a.msi
89 224 MB \Documents and Settings\Anne Walker\My Documents\My Music\The Simpsons - Homer Smokes Weed.mpg
87 348 KB \WINDOWS\ntbtlog.txt
79 48 MB \Documents and Settings\Anne Walker\My Documents\My Music\Eminem - Superman (uncensored).mpg
78 17 MB \WINDOWS\SYSTEM32\MRT.exe
77 47 MB \Documents and Settings\All Users\Documents\My Pictures\Anne's Digicam Pics\annes pics 100.avi
73 5 MB \Documents and Settings\annie baby\Local Settings\Temporary Internet Files\Content.IE5\I5TXN88Q\t[1].flv
64 5 MB \Documents and Settings\annie baby\Local Settings\Temporary Internet Files\Content.IE5\I5TXN88Q\23863713_dpflvhi_0[1].flv
55 3 MB \WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
52 48 MB \Documents and Settings\Anne Walker\My Documents\My Music\Gnarls Barkley- Crazy.mpg
52 3 MB \WINDOWS\SYSTEM32\wkdifowv.ini
43 1 KB \Documents and Settings\annie baby\ntuser.dat.LOG
42 3 MB \Program Files\MUSICMATCH\Musicmatch Jukebox\mmjb.exe
42 3 MB \Documents and Settings\annie baby\Application Data\WeatherBug\60Sales-ACE-GNO-0608.bmp
42 82 MB \Documents and Settings\All Users\Documents\My Pictures\Anne's Digicam Pics\ricky graduation\New Folder\My Pictures 089.avi
40 39 MB \Documents and Settings\Anne Walker\My Documents\My Music\Nickelback - If Everyone Cared(MUSIC VIDEO).mpg
40 610 KB \Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d91a02f392e10.bup
40 31 MB \Documents and Settings\Anne Walker\My Documents\My Music\Panic! At The Disco - I Write Sins Not Tragedies Video.mpg
39 57 MB \Documents and Settings\Anne Walker\My Documents\My Music\Chamillionaire - Riding Dirty Video.mpg

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 PM

Posted 20 January 2009 - 03:41 PM

Hello.

the only other thing i am having problems with is when i go to defrag my computer, it says i have only 12% free space. i know a lot of that is pictures so im trying to get them off my computer. but a lot of them are fragmented files. do you know any way to delete them?

Not sure what you mean here.. To delete them you delete them like how you delete normal files.. Do you get some sort of error when you try to delete it? Right-click on the file and select delete.. Is there a problem when you try to delete them or something?

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 electronicallyblonde

electronicallyblonde
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 21 January 2009 - 06:25 PM

ok. i open the program to defrag my computer to clear up some space. i click analyze and it runs for a minute and it shows what all the files look like now and how much free space i will have after the defrag. a little window pops up wtih the report and says "you should defrag this volume". when i click on defragment, another window pops up and says " volume (c:) only has 12% free space available for use by defragmenter. To run effectively, it needs 15% usable free space to properly complete operation. delete some unneeded files on hard disk, then try again." The report now looks like this because i ran a search and tried to find some of the files in the report and delete them. there are some files that i can not find that i know i dont use anymore, like the first one and i was wondering if you knew of any way i could get it off my computer to clear up some room. the ones in bold are the ones i'm kinda weary of becuase they dont look right, or i cant fine them. the first file thing is an old security software that i can find anywhere in my computer and it takes up a lot of space.


Volume (C:)
Volume size = 25.72 GB
Cluster size = 4 KB
Used space = 22.41 GB
Free space = 3.31 GB
Percent free space = 12 %

Volume fragmentation
Total fragmentation = 9 %
File fragmentation = 17 %
Free space fragmentation = 2 %

File fragmentation
Total files = 51,675
Average file size = 797 KB
Total fragmented files = 1,195
Total excess fragments = 15,104
Average fragments per file = 1.29

Pagefile fragmentation
Pagefile size = 336 MB
Total fragments = 36

Folder fragmentation
Total folders = 5,598
Fragmented folders = 23
Excess folder fragments = 343

Master File Table (MFT) fragmentation
Total MFT size = 91 MB
MFT record count = 57,758
Percent MFT in use = 62 %
Total MFT fragments = 2

--------------------------------------------------------------------------------
Fragments File Size Most fragmented files
7,987 499 MB \Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-3895149624-824023418-3409356266-1006.log
1,281 112 MB \Documents and Settings\Ken\My Documents\My Pictures\Medford Care Center\Kens 045.avi
637 48 MB \Documents and Settings\annie baby\My Documents\My Videos\Summer Jam '07.wmv
501 31 MB \Documents and Settings\Ken\Local Settings\Temp\{FD6243E2-7CC6-45AD-966B-A54DDE7E10C6}\Sony Ericsson PC Suite.msi
328 45 MB \Documents and Settings\Ken\My Documents\My Pictures\Medford Care Center\End of the world.avi
269 47 MB \Documents and Settings\Ken\My Documents\My Pictures\Kens 051.avi
147 36 MB \Documents and Settings\Ken\My Documents\My Pictures\Medford Care Center\Kens 048.avi
144 576 KB \WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e
93 31 MB \Documents and Settings\Ken\Local Settings\Temp\71d9a.msi
87 348 KB \WINDOWS\ntbtlog.txt
77 47 MB \Documents and Settings\All Users\Documents\My Pictures\Anne's Digicam Pics\annes pics 100.avi
55 3 MB \WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
52 3 MB \WINDOWS\SYSTEM32\wkdifowv.ini

48 3 MB \Documents and Settings\annie baby\Local Settings\Temporary Internet Files\Content.IE5\QJGS1OU6\587be41207b77d1d[1].flv
44 1 KB \Documents and Settings\annie baby\ntuser.dat.LOG
42 3 MB \Program Files\MUSICMATCH\Musicmatch Jukebox\mmjb.exe
42 3 MB \Documents and Settings\annie baby\Application Data\WeatherBug\60Sales-ACE-GNO-0608.bmp
40 610 KB \Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d91a02f392e10.bup
38 156 KB \Documents and Settings\annie baby\Local Settings\Temporary Internet Files\Content.IE5\W22OIZI1
38 160 KB \Documents and Settings\annie baby\Local Settings\Temporary Internet Files\Content.IE5\QJGS1OU6
37 156 KB \Documents and Settings\annie baby\Local Settings\Temporary Internet Files\Content.IE5\6SX2BJ4W

35 56 MB \Documents and Settings\All Users\Documents\My Pictures\Anne's Digicam Pics\ricky graduation\New Folder\My Pictures 090.avi
35 2 MB \Documents and Settings\annie baby\Local Settings\Temp\jkos-annie baby\packages\kos-bin-winnt-engine.jar
35 148 KB \Documents and Settings\annie baby\Local Settings\Temporary Internet Files\Content.IE5\Z9I3LLHC

30 2 MB \Program Files\WordPerfect Office 12\Programs\PFIT120EN.DLL
28 2 MB \WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\inetcpl.cpl
28 2 MB \WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl
27 43 MB \Documents and Settings\Ken\My Documents\My Pictures\Medford Care Center\annes pics 104.avi
27 410 KB \Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d91a02e232610.bup

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 PM

Posted 23 January 2009 - 04:26 PM

Hello.

Let's see if we can remove them and see if it's still there. I'm going to remove everything you bolded except some windows files of course, if you don't want something to be removed please stop and tell me. First lets remove some temp folders/files..

Download and Run ATFCleaner

Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
That tool you just ran should remove the temp and internet files and we will just deal with the reamining files.
Create and Run batch script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".

    @Echo off

    If Exist "C:\deletelog.txt" del "C:\deletelog.txt"
    For %%a in (
    C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-3895149624-824023418-3409356266-1006.log
    C:\Documents and Settings\Ken\Local Settings\Temp\{FD6243E2-7CC6-45AD-966B-A54DDE7E10C6}\Sony Ericsson PC Suite.msi
    C:\Documents and Settings\All Users\Documents\My Pictures\Anne's Digicam Pics\annes pics 100.avi
    C:\Documents and Settings\annie baby\ntuser.dat.LOG
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d91a02f392e10.bup
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d91a02e232610.bup
    C:\Documents and Settings\annie baby\Local Settings\Temp\jkos-annie baby\packages\kos-bin-winnt-engine.jar
    C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7d91a02e232610.bup
    ) Do (
    del /q /s /f /a %%a >nul 2>&1
    if exist %%a echo.%%~a>>"C:\deletelog.txt"
    )
    if exist "C:\deletelog.txt" ( start notepad "C:\deletelog.txt"
    ) else echo.Deleted!
    Pause

    Exit

    Del %0

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input filedelete.bat.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .bat file.

Double click on filedelete.bat, and Black DOS window shall appear and then after a while it will disappear. This is normal please do not panic. Then you should see a message on the black window tell me what it says in your next reply. After you have written the message down, press any key to exit that Dos window.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 electronicallyblonde

electronicallyblonde
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Jersey
  • Local time:05:05 PM

Posted 27 January 2009 - 10:23 PM

ok. sorry it took me so long to reply. i had the atf cleaner from previous advice and that helped clear up some of the other things. then i ran the delete log and it deleted all the files so now im up to 15% free space so its a major improvement in my eyes. i thought it was going to take a while, so i strayed away for a while, and when i came back all it said on the black screen was that the files were deleted successfully. i did the "analyze this volume" thing again to make sure all the files were gone, and they were, but there were more, so i just give up on that! lol. they are mostly pictures and videos, so im working on getting them online and printed out so i can just delete them all. but i just want to say thank you again. you have helped me so much and my computer is working so much faster and so much quieter! it almost feels like a new computer. i was to the point i was just about to give up completely and throw it out the window, but thanks to your time and patience, it is healthy again! so thank you so much for taking time out of your day to walk me through, step by step, and helping me. It is greatly appreciated!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users