
I've been infected with something nasty..



#1 eriathwen


Posted 13 May 2010 - 08:03 PM

Hi

I was forwarded to this topic forum from Am I infected? What to do, by boopme to post my logs from DDS and gmer. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/316368/my-laptop-is-infected-with-some-nasty-bleep-help-please/ ~ OB

I started having problems with my laptop/notepad a while ago. The main problem is that my internet is extremely slow; I've only got about 25% of my capacity, and I'm the only one using my line. I get bombarded with nasty ads, pop-ups and fake Windows ..windows... I use the same programs, settings and protection as on my antique, much smaller stationary computer without any problem. I've tried different anti-malware programs (Malwarebytes' Anti-Malware, F-Secure, SUPERAntiSpyware+++) and virus scanners (AVG, Avira, Microsoft Security Essentials (which I'm using now)), and a few days ago Spybot S&D found Virtumonde. It said that it fixed it, and it has not come out positive since, but my problems are still the same.

Sometimes I lose the ability to scroll with my mousepad; if I restart it will come back, or if I scan for malware. A while ago I remember having some color changes where my start page button on the browser is.
PS: I'm dyslexic and Norwegian, and not an expert writer, so please ask if something is hard to understand thumbup2.gif

Anyways here are my logs

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Monica Aakvik at 0:28:22,23 on 14.05.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.418 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Programfiler\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Java\jre6\bin\jqs.exe
C:\Programfiler\Acer\Acer VCM\RS_Service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PersistenceThread.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe
C:\Programfiler\Launch Manager\LManager.exe
C:\Programfiler\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Programfiler\Java\jre6\bin\jusched.exe
C:\Programfiler\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Acer\Acer VCM\AcerVCM.exe
C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programfiler\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Monica Aakvik\Skrivebord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.startsiden.no/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=0&o=xph&d=0709&m=ao751h
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=0&o=xph&d=0709&m=ao751h
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programfiler\fellesfiler\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\programfiler\realtek\audio\drivers\AzMixerSel.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
mRun: [SynTPEnh] c:\programfiler\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\programfiler\launch manager\LManager.exe
mRun: [RemoteControl8] c:\programfiler\cyberlink\powerdvd8\PDVD8Serv.exe
mRun: [PDVD8LanguageShortcut] c:\programfiler\cyberlink\powerdvd8\language\Language.exe
mRun: [SunJavaUpdateSched] "c:\programfiler\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\programfiler\quicktime\qttask.exe" -atboottime
mRun: [MSSE] "c:\programfiler\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\programfiler\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programfiler\fellesfiler\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\programfiler\fellesfiler\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\programfiler\fellesfiler\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\programfiler\fellesfiler\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\felles~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\acervc~1.lnk - c:\programfiler\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\bttray.lnk - c:\programfiler\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\window~1.lnk - c:\programfiler\windows desktop search\WindowsSearch.exe
IE: E&ksporter til Microsoft Excel
IE: Send til &Bluetooth-enhet... - c:\programfiler\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programfiler\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\programfiler\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Programfiler/Venice%20Mystery/Images/stg_drm.ocx
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Programfiler/Venice%20Mystery/Images/armhelper.ocx
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\programfiler\acer\acer vcm\Skype4COM.dll
Notify: !SASWinLogon - c:\programfiler\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programfiler\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\programfiler\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R1 SASDIFSV;SASDIFSV;c:\programfiler\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\programfiler\superantispyware\SASKUTIL.SYS [2010-1-5 68168]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-4-29 14336]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-17 56816]
R2 RS_Service;Raw Socket Service;c:\programfiler\acer\acer vcm\RS_Service.exe [2009-4-29 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-4-29 5096544]
S1 avgio;avgio; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-4-29 1684736]
S3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [2010-1-25 115712]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rtsustor.sys --> c:\windows\system32\drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programfiler\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 SwitchBoard;SwitchBoard;c:\programfiler\fellesfiler\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\avira\antivir desktop\sched.exe [2010-1-17 108289]
S4 AntiVirService;Avira AntiVir Guard;c:\programfiler\avira\antivir desktop\avguard.exe [2010-1-17 185089]

=============== Created Last 30 ================

2010-05-13 18:58:17 0 d-----w- c:\programfiler\VideoLAN
2010-05-13 18:43:47 0 d--h--r- c:\documents and settings\monica aakvik\Siste
2010-05-13 18:05:26 0 d--h--w- c:\windows\PIF
2010-05-13 16:27:47 0 d-----w- c:\windows\system32\NtmsData
2010-05-13 15:37:33 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-05-13 15:37:33 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-05-12 21:17:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-12 21:16:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-12 21:16:50 0 d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-05-12 13:27:14 0 d-----w- c:\docume~1\alluse~1\progra~1\F-Secure
2010-05-07 20:55:39 91 ----a-w- c:\windows\wininit.ini
2010-05-07 17:11:11 0 d-----w- c:\programfiler\Spybot - Search & Destroy
2010-05-07 17:11:11 0 d-----w- c:\docume~1\alluse~1\progra~1\Spybot - Search & Destroy
2010-05-06 16:07:52 0 d-----w- c:\docume~1\monica~1\progra~1\Adobe Mini Bridge CS5
2010-05-06 16:07:47 0 d-----w- c:\docume~1\monica~1\progra~1\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-05-06 02:41:00 50940 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-06 02:38:45 0 d-----w- c:\docume~1\monica~1\progra~1\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-05-06 02:14:08 0 d-----w- c:\docume~1\alluse~1\progra~1\regid.1986-12.com.adobe
2010-05-06 02:06:32 0 d-----w- c:\programfiler\fellesfiler\Adobe AIR
2010-05-05 22:44:32 0 d-----w- c:\programfiler\fellesfiler\Akamai

==================== Find3M ====================

2010-05-12 21:02:51 89340 ----a-w- c:\windows\system32\perfc014.dat
2010-05-12 21:02:51 466152 ----a-w- c:\windows\system32\perfh014.dat
2010-05-06 08:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-03-10 06:17:41 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 08:13:40 947472 ----a-w- c:\windows\system32\msjava.dll
2010-02-25 06:20:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 19:10:49 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:10:49 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-15 15:57:36 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-07-17 16:13:12 32768 -csha-w- c:\windows\system32\config\systemprofile\lokale innstillinger\logg\history.ie5\mshist012009071720090718\index.dat

============= FINISH: 0:30:02,00 ===============


GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-14 02:02:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MONICA~1\LOKALE~1\Temp\kwlcrpoc.sys


---- System - GMER 1.0.15 ----

SSDT F7BF56EE ZwCreateKey
SSDT F7BF56E4 ZwCreateThread
SSDT F7BF56F3 ZwDeleteKey
SSDT F7BF56FD ZwDeleteValueKey
SSDT F7BF5702 ZwLoadKey
SSDT F7BF56D0 ZwOpenProcess
SSDT F7BF56D5 ZwOpenThread
SSDT F7BF570C ZwReplaceKey
SSDT F7BF5707 ZwRestoreKey
SSDT F7BF56F8 ZwSetValueKey
SSDT F7BF56DF ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1916] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




Is the GMER log supposed to look like this?? I have a funny feeling it's not.... wacko.gif

Thank you all for good support so far thumbup.gif very helpful

Hi there

I actually think that I found out what's been bothering my computer. I read from the DDS log that AntiVir Desktop was On-access scanning enabled.. I uninstalled Avira a while ago, and have not found any indication that Avira did not uninstall completely.. I googled the problem and found out that there were many people with the same problem.

I tried the Avira registry cleaner. It found 34 files running, but it could not remove them either. I then uninstalled MSE, reinstalled Avira, uninstalled Avira with CCleaner and reinstalled MSE, and I actually think it worked clapping.gif

Is there anything I can do just to make sure that everything is back to normal?? I still feel like the computer is "working" more than it used to, but far from what it's been lately.

Thanks again for all your support, It's very much appreciated.

Eriathwen

Edited by Budapest, 14 May 2010 - 04:26 PM.
Posts merged ~BP
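
Added example, not part of the original thread: the mismatch eriathwen spotted (AntiVir still registered as an on-access scanner after being uninstalled) can be checked mechanically from the DDS text. The sample lines are excerpted from the log above with path separators restored; the function names, the name-matching heuristic, and the reading of the R/S prefix as running/stopped with the digit as the start type (4 = disabled) are assumptions of this example, not DDS documentation.

```python
import re

# Excerpt of the DDS log posted above (path separators restored). Not a full log.
SAMPLE_DDS = r"""
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 149040]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-17 56816]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\avira\antivir desktop\sched.exe [2010-1-17 108289]
S4 AntiVirService;Avira AntiVir Guard;c:\programfiler\avira\antivir desktop\avguard.exe [2010-1-17 185089]
"""

# "AV: <product> *<state>* (<definitions>) {GUID}"
AV_RE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+\((?P<defs>[^)]*)\)\s+"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})$"
)
# "<R|S><0-4> <service name>;<display name>;<image path and details>"
SVC_RE = re.compile(r"^(?P<run>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def parse_av(text):
    """Return the security products registered in the DDS header."""
    products = []
    for line in text.splitlines():
        m = AV_RE.match(line.strip())
        if m:
            products.append({
                "name": m["name"],
                "on_access": m["state"].lower().endswith("enabled"),
                "guid": m["guid"],
            })
    return products


def parse_services(text):
    """Return the entries of the SERVICES / DRIVERS section."""
    services = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            services.append({
                "running": m["run"] == "R",      # assumption: R = running, S = stopped
                "start": int(m["start"]),        # assumption: 4 = disabled
                "name": m["name"],
                "display": m["display"],
                "detail": m["rest"].strip(),
            })
    return services


def related_services(product, services):
    """Heuristic: a service belongs to a product if it shares a word of 5+ letters."""
    tokens = [t.lower() for t in re.findall(r"[A-Za-z]{5,}", product)]
    hits = []
    for svc in services:
        haystack = f"{svc['name']} {svc['display']} {svc['detail']}".lower()
        if any(tok in haystack for tok in tokens):
            hits.append(svc)
    return hits


def audit(text):
    """Flag competing on-access scanners and registrations with no live service."""
    active = [p for p in parse_av(text) if p["on_access"]]
    services = parse_services(text)
    findings = []
    if len(active) > 1:
        findings.append(("multiple-on-access", [p["name"] for p in active]))
    for product in active:
        related = related_services(product["name"], services)
        # Registered as enabled, yet every matching service is stopped and disabled.
        if related and all(not s["running"] and s["start"] == 4 for s in related):
            findings.append(("stale-registration", product["name"]))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_DDS):
        print(kind, detail)
```

A "stale-registration" finding is a prompt to run the vendor's removal tool and re-check, not proof of infection.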




#2 extremeboy

  • Malware Response Team

Posted 14 May 2010 - 06:22 PM

Hi. smile.gif

My name is Extremeboy and I will help you with your log. Glad things are better now.

To confirm all is good, let's get an online scan. The GMER log is fine, DDS logs are pretty good as well. This online scan may take a while to complete however.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the button, if you made any changes.
  • Now under the Scan section on the left:

    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 eriathwen


Posted 15 May 2010 - 02:21 PM

Hi Extremeboy smile.gif

Sorry for a bit late response, I did not notice that I got an answer, I thought that the 1 reply was my last post crazy.gif

Thank you so much I'll do that now, and I'll be back when finished dance.gif

Eriathwen

#4 extremeboy


Posted 15 May 2010 - 03:14 PM

No problem. smile.gif

Thanks for letting me know. ;)

#5 eriathwen


Posted 15 May 2010 - 03:48 PM


Hi again smile.gif

My computer is now being scanned, but under settings Scan for Trojans etc. etc. the option was not turned on, and I could not turn it on..


Eriathwen

#6 eriathwen


Posted 15 May 2010 - 03:59 PM


OOppps, sorry forgot to turn off my anti-virus program.... clapping.gif

Do I have to start all over again, or can I stop scan, turn off my protection, update, check the settings and scan again?

Eriathwen

#7 eriathwen


Posted 15 May 2010 - 08:35 PM

Hi once again smile.gif

I really think it's clean thumbup.gif finally after weeks of frustration wacko.gif

And all this for an unknown broken un-installation, I'll pay more attention next time wink.gif

Anyways this is my log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, May 16, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, May 15, 2010 16:36:13
Records in database: 4115671
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Objects scanned: 51623
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:53:09

No threats found. Scanned area is clean.

Selected area has been scanned.


If this is it, I really want to thank you for your attention and support before you close the thread, I soon have no hair left after these weeks lmfao.gif
I've never heard about this forum before, but I'll sure blow the whistle LOUD, good and serious service, fast reply, nice people and free,....Amazing clapping.gif





"A warrior does not need to be reminded of the help given him by others; he
is the first to remember and makes sure to share with them any rewards he
receives..." busy.gif wink.gif


Eriathwen





#8 extremeboy


Posted 15 May 2010 - 09:56 PM

I'm glad you resolved it. Just want to give you some prevention tips before we leave off and some other information. smile.gif I like that last quote. ;) It was a pleasure even though I did not do much, beside the ending which I will just give you some prevention tips and cleanup.

Congratulations! You now appear clean! specool.gif

Now that you are clean, please follow and read some of the prevention tips >over here<. Is your system a bit slow? If so, try some of the points and things suggested here. Computer being slow doesn't always mean it's malware. ;)

If you would like, visit my http://computermalwaresecurity.blogspot.com/ blog and Subscribe/Follow along.

If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks. smile.gif

With Regards,
Extremeboy

Edited by extremeboy, 20 May 2010 - 09:16 PM.


#9 eriathwen


Posted 16 May 2010 - 08:21 AM

Hi again smile.gif

Yes you have been helpful, I've been staring myself blind and frustrated, and when I know I'm about to get help I calm down, and 90 % of the time I'm asking for help I'm actually fixing the problem myself because of this... dry.gif whistling.gif

Now I'm gonna clean my desktop, I can just delete all the maps on my desktop used to fix this problem?

And I would like to make a new recovery point so that I don't get this back... I don't think I've done that manually before, but I'm sure that it's easy thumbup2.gif

So again thank you for your time, and I'll be following along in your blogspot smile.gif

SatNam
Eriathwen

I've got a new recovery point now :D

Edited by eriathwen, 16 May 2010 - 08:28 AM.


#10 extremeboy


Posted 16 May 2010 - 11:05 AM

You're welcome and thanks for your kind words. It's all appreciated. smile.gif

Just for future reference if you need to, below is a safe and easy way for purging a system restore point:

Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Happy surfing again and take care in the future! smile.gif

~Extremeboy

#11 eriathwen


Posted 16 May 2010 - 11:40 AM


Hi again smile.gif

New restore point made, and older ones deleted ;)

I can hear that my computer is back to normal,.....cause I can't hear it.... dance.gif

But I did lose the wheel on my mousepad again an hour ago.. I've searched for driver update, and it's updated, and I've tried searching for faults, but it says everything is ok, so I guess I'll have to live with that, and it's ok, it doesn't happen every day, just now and then thumbup2.gif At least it's not slow anymore thumbup.gif

Thanks again for all your efforts

Best regards
Eriatnwen

#12 extremeboy


Posted 16 May 2010 - 02:34 PM

You're welcome.

Glad I was able to help out. smile.gif

--
Since the problem appears to be resolved, this topic is now Closed. Glad we could help smile.gif
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic.

With Regards,
Extremeboy



