Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Winupd.exe virus seems to have started my problems [Solved]


  • This topic is locked This topic is locked

#16
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
step 3 aswMBR log

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-18 14:24:06
-----------------------------
14:24:06.046 OS Version: Windows x64 6.1.7601 Service Pack 1
14:24:06.046 Number of processors: 4 586 0x2502
14:24:06.046 ComputerName: AMY-LAPTOP UserName: Amy
14:24:12.255 Initialize success
14:25:13.169 AVAST engine defs: 12011801
14:25:16.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:25:16.327 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
14:25:16.349 Device \Driver\atapi -> MajorFunction fffffa8004f785c4
14:25:16.352 Disk 0 MBR read successfully
14:25:16.355 Disk 0 MBR scan
14:25:16.358 Disk 0 MBR:Pihar-C [Rtk]
14:25:16.361 Disk 0 [email protected] code has been found
14:25:16.364 Disk 0 Windows 7 default MBR code found via API
14:25:16.367 Disk 0 MBR hidden
14:25:16.382 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
14:25:16.394 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
14:25:16.421 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
14:25:16.426 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848
14:25:16.459 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896
14:25:16.476 Disk 0 MBR [TDL4] **ROOTKIT**
14:25:16.481 Disk 0 trace - called modules:
14:25:16.486 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8004f785c4]<<
14:25:16.491 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b36060]
14:25:16.495 3 CLASSPNP.SYS[fffff8800165a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048cc680]
14:25:16.500 \Driver\atapi[0xfffffa8004f06a70] -> IRP_MJ_CREATE -> 0xfffffa8004f785c4
14:25:18.699 AVAST engine scan C:\Windows
14:25:20.499 AVAST engine scan C:\Windows\system32
14:27:00.394 AVAST engine scan C:\Windows\system32\drivers
14:27:13.086 AVAST engine scan C:\Users\Amy
14:28:56.125 Disk 0 MBR has been saved successfully to "C:\Users\Amy\Desktop\MBR.dat"
14:28:56.125 The log file has been saved successfully to "C:\Users\Amy\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-23 10:00:15
-----------------------------
10:00:15.262 OS Version: Windows x64 6.1.7601 Service Pack 1
10:00:15.262 Number of processors: 4 586 0x2502
10:00:15.262 ComputerName: AMY-LAPTOP UserName: Amy
10:00:15.699 Initialize success
10:00:59.757 AVAST engine defs: 12012300
10:01:29.038 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:01:29.038 Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 11
10:01:29.054 Disk 0 MBR read successfully
10:01:29.054 Disk 0 MBR scan
10:01:29.070 Disk 0 Windows 7 default MBR code
10:01:29.070 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
10:01:29.085 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
10:01:29.101 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
10:01:29.116 Disk 0 Partition - 00 0F Extended LBA 406838 MB offset 143566848
10:01:29.148 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 406837 MB offset 143568896
10:01:29.148 Service scanning
10:01:30.458 Modules scanning
10:01:30.458 Disk 0 trace - called modules:
10:01:30.474 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:01:30.489 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bad060]
10:01:30.489 3 CLASSPNP.SYS[fffff8800197843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048e8060]
10:01:31.254 AVAST engine scan C:\Windows
10:01:33.266 AVAST engine scan C:\Windows\system32
10:03:11.967 AVAST engine scan C:\Windows\system32\drivers
10:03:23.465 AVAST engine scan C:\Users\Amy
10:14:54.374 AVAST engine scan C:\ProgramData
10:17:02.887 Scan finished successfully
10:26:34.644 Disk 0 MBR has been saved successfully to "C:\Users\Amy\Desktop\MBR.dat"
10:26:34.644 The log file has been saved successfully to "C:\Users\Amy\Desktop\aswMBR.txt"
  • 0

Advertisements


#17
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
I'm not sure what to do here,
•Also, ZIP MBR.dat it creates and attach it to your next reply

I right clicked and compressed MBR.dat, is that what you wanted? and how do you want me to post it here or exactly what am I suppsed to post?

thank you!
  • 0

#18
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi moordogck,

Glad to hear that you have your files back :). We did good job here. Malware was hiding files on your system.

How is your system now? Any visible problems?

Let's do standard antivirus scan to see if there is anything left behind. To speed scan a little disable your onboard antivirus and antispyware software. When you done with scan post back log.




Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive and your D drive as well, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#19
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi maliprog,

I might still have something here, I just got a pop up that says Windows detected a hard disk problem then a bunch of small windows that say "windows - delayed write failed, failed to save all the components for the file \\system32\\000064a3. the file is corrupted or unreadable, this error may be caused by a pc hardware problem. :( it's one of the pop ups I was getting before, also FF was ot fixed, IE works but FF hasn't since the day I told you I was getting those weird messages when trying to open IE or FF.

thank you
  • 0

#20
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. We are going to check this. Please do VRT scan now and post log after the scan. After that we'll see where we stand.
  • 0

#21
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Is it normal for it to take this long? It says finish: 11 hours, it.s been running for one hour and it says completed 9%....
  • 0

#22
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Sometimes it does take a while to finish scan. Please be patient until it finish and post log for me.
  • 0

#23
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
VRT Log, thank you

Status: Deleted (events: 7)
1/24/2012 4:49:52 PM Deleted Trojan program Trojan.Win32.FakeAV.kpwo C:\Documents and Settings\All Users\RJwgFTFfCSs.exe High
1/24/2012 4:49:52 PM Deleted Trojan program Trojan.Win32.FakeAV.kpwo C:\ProgramData\RJwgFTFfCSs.exe High
1/24/2012 4:58:56 PM Deleted virus HEUR:Trojan.Script.Iframer C:\Documents and Settings\Amy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IIXJNIOA\other[1].htm High
1/24/2012 5:03:33 PM Deleted malware Hoax.Win32.ArchSMS.lykn C:\Documents and Settings\Amy\AppData\Local\Temp\audiosrv.exe Medium
1/24/2012 5:03:47 PM Deleted malware Hoax.Win32.ArchSMS.lykn C:\Documents and Settings\Amy\AppData\Local\Temp\B25.tmp Medium
1/24/2012 5:03:36 PM Deleted Trojan program Trojan.Win32.FakeAV.kpwo C:\Documents and Settings\Amy\AppData\Local\Temp\sa0o1RiDK8t2NC.exe.tmp High
1/24/2012 5:51:42 PM Deleted Trojan program Trojan.Win32.FakeAV.kpwo C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\71ce81fc-657b1bb6 High
Status: Disinfected (events: 40)
1/24/2012 5:50:17 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.do C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\42c0be54-39cc6712 High
1/24/2012 5:50:17 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.do C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\42c0be54-39cc6712/Update.class High
1/24/2012 5:50:23 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414 High
1/24/2012 5:50:23 PM Disinfected Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414/chrome/Unicode.class High
1/24/2012 5:50:26 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-51cad4c6 High
1/24/2012 5:50:26 PM Disinfected Trojan program Trojan.Java.Agent.ak C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-51cad4c6/chrome/Unicode.class High
1/24/2012 5:50:23 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414/direct/bear.class High
1/24/2012 5:50:26 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-51cad4c6/direct/bear.class High
1/24/2012 5:50:36 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.de C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7aa787bb-20de5ecb High
1/24/2012 5:50:36 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.de C:\Documents and Settings\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7aa787bb-20de5ecb/support/Pipe.class High
1/24/2012 7:35:28 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cs C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jar_cache5297801063872411626.tmp/arjwtjssnfugspuf/alhkwsqjchugqgeuthjat.class High
1/24/2012 7:33:52 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.da C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1a57f7ad-3604d923/Update.class High
1/24/2012 7:33:52 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.da C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1a57f7ad-3604d923 High
1/24/2012 7:35:28 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cs C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jar_cache5297801063872411626.tmp/arjwtjssnfugspuf/cmhwavamlanwwqpngdrav.class High
1/24/2012 7:35:28 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cs C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jar_cache5297801063872411626.tmp/arjwtjssnfugspuf/dqjqfacusrddtpfycjakl.class High
1/24/2012 7:35:28 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cs C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jar_cache5297801063872411626.tmp/arjwtjssnfugspuf/pycyqpltpvpjdrqllfsgg.class High
1/24/2012 7:35:28 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cs C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jar_cache5297801063872411626.tmp/arjwtjssnfugspuf/qrsddprdkvmmdlclaeyva.class High
1/24/2012 7:35:28 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cs C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jar_cache5297801063872411626.tmp/arjwtjssnfugspuf/sksmwdfspvemucaqnjkvu.class High
1/24/2012 7:35:28 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.cs C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\jar_cache5297801063872411626.tmp High
1/24/2012 7:47:34 PM Disinfected Trojan program Trojan.Java.Agent.ak D:\AMY-LAPTOP\Backup Set 2011-01-23 231850\Backup Files 2011-02-20 190945\Backup files 1.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414/chrome/Unicode.class High
1/24/2012 7:47:34 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd D:\AMY-LAPTOP\Backup Set 2011-01-23 231850\Backup Files 2011-02-20 190945\Backup files 1.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414/direct/bear.class High
1/24/2012 7:47:37 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd D:\AMY-LAPTOP\Backup Set 2011-01-23 231850\Backup Files 2011-02-20 190945\Backup files 1.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-51cad4c6 High
1/24/2012 7:47:39 PM Disinfected Trojan program Trojan.Java.Agent.ak D:\AMY-LAPTOP\Backup Set 2011-01-23 231850\Backup Files 2011-02-20 190945\Backup files 1.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414 High
1/24/2012 7:47:39 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd D:\AMY-LAPTOP\Backup Set 2011-01-23 231850\Backup Files 2011-02-20 190945\Backup files 1.zip High
1/24/2012 8:52:14 PM Disinfected Trojan program Trojan.Java.Agent.ak D:\AMY-LAPTOP\Backup Set 2011-07-31 190004\Backup Files 2011-07-31 190004\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414/chrome/Unicode.class High
1/24/2012 8:51:58 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.de D:\AMY-LAPTOP\Backup Set 2011-07-31 190004\Backup Files 2011-10-17 073210\Backup files 2.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7aa787bb-20de5ecb/support/Pipe.class High
1/24/2012 8:52:14 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd D:\AMY-LAPTOP\Backup Set 2011-07-31 190004\Backup Files 2011-07-31 190004\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414/direct/bear.class High
1/24/2012 8:52:01 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.de D:\AMY-LAPTOP\Backup Set 2011-07-31 190004\Backup Files 2011-10-17 073210\Backup files 2.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7aa787bb-20de5ecb High
1/24/2012 8:52:01 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.de D:\AMY-LAPTOP\Backup Set 2011-07-31 190004\Backup Files 2011-10-17 073210\Backup files 2.zip High
1/24/2012 8:52:22 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd D:\AMY-LAPTOP\Backup Set 2011-07-31 190004\Backup Files 2011-07-31 190004\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-51cad4c6 High
1/24/2012 8:52:35 PM Disinfected Trojan program Trojan.Java.Agent.ak D:\AMY-LAPTOP\Backup Set 2011-07-31 190004\Backup Files 2011-07-31 190004\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414 High
1/24/2012 8:52:35 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd D:\AMY-LAPTOP\Backup Set 2011-07-31 190004\Backup Files 2011-07-31 190004\Backup files 7.zip High
1/24/2012 9:14:30 PM Disinfected Trojan program Trojan.Java.Agent.ak D:\AMY-LAPTOP\Backup Set 2012-01-18 153353\Backup Files 2012-01-22 190005\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414/chrome/Unicode.class High
1/24/2012 9:14:30 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd D:\AMY-LAPTOP\Backup Set 2012-01-18 153353\Backup Files 2012-01-22 190005\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414/direct/bear.class High
1/24/2012 9:14:36 PM Disinfected Trojan program Trojan-Downloader.Java.OpenConnection.dd D:\AMY-LAPTOP\Backup Set 2012-01-18 153353\Backup Files 2012-01-22 190005\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-51cad4c6 High
1/24/2012 9:16:13 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.de D:\AMY-LAPTOP\Backup Set 2012-01-18 153353\Backup Files 2012-01-22 190005\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7aa787bb-20de5ecb/support/Pipe.class High
1/24/2012 9:16:50 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\AMY-LAPTOP\Backup Set 2012-01-18 153353\Backup Files 2012-01-22 190005\Backup files 7.zip/C\Users\Amy\Desktop\MBR.dat High
1/24/2012 9:16:50 PM Disinfected Trojan program Trojan.Java.Agent.ak D:\AMY-LAPTOP\Backup Set 2012-01-18 153353\Backup Files 2012-01-22 190005\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\19ad1f63-27114414 High
1/24/2012 9:16:50 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.de D:\AMY-LAPTOP\Backup Set 2012-01-18 153353\Backup Files 2012-01-22 190005\Backup files 7.zip/C\Users\Amy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\7aa787bb-20de5ecb High
1/24/2012 9:16:50 PM Disinfected Trojan program Rootkit.Boot.Pihar.b D:\AMY-LAPTOP\Backup Set 2012-01-18 153353\Backup Files 2012-01-22 190005\Backup files 7.zip High
  • 0

#24
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi moordogck,

Do you get these popups when you do specific step (open Firefox for example) or you doesn't have to do anything?

Please test your system after these steps and if you can take screenshot of those popups you see.

To print screen please download ClickShot.exe on your desktop
Run the program and when you are ready press [Print Screen] button on your keyboard
Post ClickShot_HHMMSS.jpg it creates here for me.


Step 1

  • Go to Start -> My Computer
  • Right click on C: disk and clik on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm schedule disk check next time computer starts with Yes button
  • Restart your system and wait while system checks your disk for errors
Step 2

Download and run Puran Disc Defragmenter
Click on Boot Time Defrag button and choose Restart-Defrag-Restart

Posted Image

Step 3

Can you please download VEW and save it to your Desktop: http://images.malwar...om/vino/VEW.exe

Double-click VEW.exe then under 'Select log to query', select:
Application
System

Under 'Select type to list', select:
Error
Information
Warning

  • Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
In Notepad, click Edit > Select all then Edit > Copy
Reply to this post, click in the reply window and press Ctrl+V on your keyboard to paste the log.

Step 4

Please don't forget to include these items in your reply:

  • VEW log
It would be helpful if you could post each log in separate post
  • 0

#25
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi maliprog,

Those things I have done they don't seem to be fixing anything, after the VRT scan I don't see any changes, I haven't gotten the pop ups yet but my desktop is missing a lot of icons and my start menu is empty, also there is nothing on the right side in the start menu, where my computer, my documents etc etc are. are we removing any viruses? I'm confused, I restarted the computer after the VRT scan and it looks the same, I'm going to do the next steps you posted for me today.

thank you
  • 0

Advertisements


#26
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
maliprog, I don't understand how to post the screenshot, I downloaded it and pressed prtsc and then esc but then what? lol..

thanks
  • 0

#27
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Ok, did the defragmentation and seems to have gone ok, the VEW part didn't, after it finshed when it was supposed to give me the log in notepad I got an error that says, "cannot find the C:VEW.txt file. Do you want to create a new file?"
  • 0

#28
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. With new info new steps.

Step 1

I haven't gotten the pop ups yet but my desktop is missing a lot of icons and my start menu is empty, also there is nothing on the right side in the start menu, where my computer, my documents etc etc are.


You never mentioned that you lost your icons until now (as far as I can remember). You must say things you see to me because all that are clues for me.

Let's try to get your icons back:

Download Unhide.exe from here to your desktop and run ti. It should unhide all your files.

Step 2


I don't understand how to post the screenshot, I downloaded it and pressed prtsc and then esc but then what? lol..


You should have ClickShot_HHMMSS.jpg in the same folder from where you run ClickShot.exe.

Attach picture in your next reply.

How to add an attachment to a new topic or reply

Step 3

Test your system now. What problems do you have after these steps?
  • 0

#29
moordogck

moordogck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts
Hi maliprog, ok I have my icons back on my desktop, and the folders in the start menu are not empty, the things I see different still are, no wall paper, star menu is missing the right side where it has my documents, my computer, control panel etc... the icons on the taskbar used to be all under one icon, I used to mouse over it and it would show me the rest, now they are all shown in the task bar.

The clickshot is not under a file it is an icon that looks like a photo camera, there is nothing else there to click but that.

Thank you

I have one question, are the viruses removed? how can I double check?

thank you again

Edited by moordogck, 27 January 2012 - 07:04 AM.

  • 0

#30
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please update your Malwarebytes and do Quick Scan. Post log after the scan for me.

We'll try to manually restore right side icons in Start menu by following These steps. Make sure you you have select Default programs and all icons you need. Press OK button to close Properties window and check your Start Menu now.

You can change your desktop background now by following These steps.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP