Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

only 3.5 GB out of 681GB free on my hard drive [Solved]


  • This topic is locked This topic is locked

#31
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
I know we are getting closer to a solution and I appreciate all the time you spent helping me. Checkup attached.
Homepage>Control Panel>Internet Properties> http://www.yahoo.com/
I clicked apply but google is still my Homepage (using firefox not IE)

Attached Files


  • 0

Advertisements


#32
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

I appreciate all the time you spent helping me.

Thank you :happy: and you are very welcome :D

To adjust your Firefox homepage try the instructions here to see if that works. Please let me know if it works to your satisfaction :)

Java Advice:

There has been recent severe exploitation of this software. Even though this exploit has been reportedly fixed there is still a vulnerability with the software, the below is currently all that it is installed Java related:-

~> Java 7 Update 7
~> Java 7 Update 15
~> Java Auto Updater

You need to uninstall all (if still present via Programs and Features located in the Control Panel))...Your choice if you wish to go ahead and reinstall but as mentioned I advise against it and for the present I do not even have anything Java related installed on my machines and everything works just fine :)

Please let myself know what you wish to do about this in your next reply please and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.


Your logs look clean :thumbsup: Now the fun part :D
Let's clean up the mess I've made and get you your space back. ;)

First, we'll reset your Firewall and cleanup your RestorePoints:

Please right click on Posted Image on your Desktop, choose Run as Administrator, accept UAC prompts.

*Under Posted Image
in the textbox at the bottom, please paste in the following:



:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
%windir%\system32\vssadmin delete shadows /for=c: /all /quiet /c

:Commands
[CreateRestorePoint]






• Then click the Posted Image button at the top
• Let the program run unhindered.
• When complete, a small window pops up Posted Image
• Click ok to open the fixlog, then close it.
• Note: I do not need to review the log produced.

Clean up with OTL:

• Now close all other programs apart from OTL as this step will require a reboot.
• On the OTL main screen, press the Posted Image button.
• Say Yes to the prompt and then allow the program to reboot your computer.
• OTL will remove itself

Uninstalls

Click Start ~> Control Panel ~> Programs and Features

Uninstall the following if present:

ESET
WinDirStat



Remove AdwCleaner

Reopen AdwCleaner

Posted Image

Click on the Uninstall button

A confirmation window will open

Posted Image

Confirm by clicking Yes



Remove SecurityCheck

Right click and select Delete to remove SecurityCheck.exe.



Remove JunkwareRemovalTool

Right click and select Delete to remove JunkwareRemovalTool.

All of the tools are now uninstalled :)

You may also delete all logs, jpg pics copied for posting on your Desktop.




*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*


How to Prevent New Infections

Windows Updates

• It is critical to have both a firewall and an anti virus to protect your system and to keep them updated, and to keep your operating system up to date make sure Windows Updates are kept current:

A major essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.
If they are not already or if you need to check:

1. Open Windows Update by clicking the Start Orb. In the search box, type Update, and then, in the list of results, click Windows Update.

2. In the left pane, click Change settings.

3. Under Important updates, choose the option that you want. Recommended setting: Install updates automatically

4. Under Recommended updates, select the Give me recommended updates the same way I receive important updates check box, and then click OK. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.


*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*


Program Updates

• Keep Installed Programs Up to Date
It's important to keep all other programs on your computer updated because they can also have security vulnerability explored by the malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications to fix vulnerabilities, this can be done manually by using the Update feature included in most programs or you can use one of the following programs to help you with this:

FileHippo Update Checker

Your Antivirus and Firewall are set. You have Malwarebytes on your computer ~ Use it often it's a great tool to have. Update and run weekly to help keep your system clean!

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

When installing\updating ANY program, make sure you always select Custom installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

To learn more about how to protect yourself while on the internet read our little guide Malware and Safe Computing


Disk Cleanup

1. Open Disk Cleanup by clicking the Start button ~> All Programs ~> Accessories ~> System Tools and then clicking Disk Cleanup.

2. In the Disk Cleanup Options dialog box, click Files from all users on this computer. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. If prompted, select the drive that you want to clean up, and then click OK.

4. Let it calculate, upon completion, a new window pops up, make sure all boxes are checked, click the OK button to let it clean.

Then

1. Run CheckDisk

1. Open Computer by clicking the Start button , and then clicking Computer.

2. Right-click the hard disk drive that you want to check, and then click Properties.

3. Click the Tools tab, and then, under Error-checking, click Check Now. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

4. Select Automatically fix file system errors.

5. Select Scan for and attempt recovery of bad sectors.

6. Click Start. You may be asked to reboot to start. Do it :)

Depending upon the size of your hard disk, this may take several minutes. For best results, don't use your computer for any other tasks while it's checking for errors.

Defragment your HardDrive

Follow instructions click here to Defrag your harddrive.

Please let me know how your diskcheck and defrag go and how your computer is running.
Go ahead and reinstall Spybot if you wish :thumbsup: I'll wait to hear from you :)
  • 0

#33
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
I had followed your instructions and when I got to
1. Run check disk
I rebooted and everything I typed in was gone.
Now it says " Windows can't check the disk while it's in use"
so I "clicked on" Schedule disk check

Edited by 1324, 13 September 2013 - 07:44 PM.

  • 0

#34
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
If or when you reboot it will start. You can do it now if you wish. It will take a bit of time to complete. Hope all else is well :)
  • 0

#35
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
Ok, removed all the programs you asked me to install
let Checkdisk ran overnite
then did a defrag on my hardrive and it is 0% fragmented :-)

Thank you for all the advise concerning keeping software up to date with FileHippo
and using "custom" when installing new software is excellent advise.

Will re-install Spybot S&D and run it
but the best news is

"636GB free of 681GB" on my hard drive!!!!

Thank you for all your help and patience
I have learned a lot from you :happy:

Thanks again,
Rich

P.S. What kind of virus did my computer have?

Edited by 1324, 14 September 2013 - 09:02 AM.

  • 0

#36
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
I just ran Mawarebytes and found and removed a virus, see attached, but everything seems fine.
I ran Malware a 2nd time and no viruses were found!!
Rich

Attached Files


Edited by 1324, 14 September 2013 - 10:53 AM.

  • 0

#37
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich

Awe! Shame on me! :blush: Now you've taught me something. Each tool has certain malwares in certain places it's best at removing. With Malwarebytes on your machine I had thought it'd been run and therefor neglected to ask for a scan. It is a remnant, just an orphaned registry key, harmless at this point. DefaultTab was one of the bad programs removed, that was a small piece of it.

According to the log you posted it was not removed, however.

Registry Keys Detected: 1
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.

Run Malwarebytes again and remove it or make sure it's gone.

Ok, removed all the programs you asked me to install
let Checkdisk ran overnite
then did a defrag on my hardrive and it is 0% fragmented :-)


Excellent :thumbsup:

but the best news is

"636GB free of 681GB" on my hard drive!!!!


:D

Thank you for all your help and patience
I have learned a lot from you


You are very welcome. Thank you for your help and patience, and I have also learned from you :)


.... What kind of virus did my computer have?


Browser hijackers, Ask, Conduit, DefaultTab. Most ride in on relatively innocent downloads, a box not checked to add a toolbar or an internet search add-on, or a click in the wrong place. It's important to read when you're downloading something, not just click download and go. As for the space, all I can figure is Conduit went nuts. All of the bad files came in one day from what I can tell. Including the industrial size one.

Having two antiviruses on a computer is not helpful it actually would add to the problem because they fight themselves and you're left with little or no protection.

Run for a couple of days, let me know how it goes or if there are any problems :)

Surf safe :)
  • 0

#38
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
I believe I have set check disk to automatically run every day. Is that necessary?
When I went control panel>all control items>action center
it said that the Windows firewall and the Norton Anti virus firewall were turned off
I clicked on view firewall options and clicked Turn on Windows firewall - nothing happened!
The same thing happened when I tried to turn on the Norton firewall
but I believe both are turned on but I can't verify that - Please help.
Ran Norton - no viruses just a couple of cookies
Thanks,
Rich
  • 0

#39
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich

In the SecurityCheck scan earlier it says Windows Firewall is enabled...Lets take a closer look:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#40
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
hi 32red,
Attached is the FSS.txt log you asked for.
Also, when I open CCleaner > tools > Drive Wiper > and check the box for my C drive it says "Access is Denied" even if I try to Run as Administrator the result is the same.
Thanks for persevering with me and my problems,
Rich

Attached Files

  • Attached File  FSS.txt   1.84KB   82 downloads

  • 0

Advertisements


#41
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)

Let's take a look to see how the Firewall is doing:

To check your firewall (be it a software application and or a hardware router in-built type) is correctly configured and there are no open service ports:

Please visit Shields-up by Steve Gibson.

•Scroll down the page and click on the 'Proceed' button/tab.

•Click on the 'All Service Ports' option, located under 'ShieldsUP!! Services'.

•The scan will now begin.

•If the result is anything but 'Your system has achieved a perfect "TruStealth" rating', post back which port(s) are 'Open/Closed'.

Let me know how it goes, please. After this we'll do some poking around in SecurityCenter if need be to make adjustments to fix the issue.
  • 0

#42
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
GRC Port Authority Report created on UTC: 2013-09-20 at 00:05:03

Results from scan of ports: 0-1055

0 Ports Open
3 Ports Closed
1053 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be CLOSED were: 135, 139, 445

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received
______________________________________________________________________

Name:
dcom-scm
Purpose:
DCOM Service Control Manager
Description:
Microsoft's DCOM (Distributed, i.e. networked, COM) Service Control Manager (also known as the RPC Endpoint Mapper) uses this port in a manner similar to SUN's UNIX use of port 111. The SCM server running on the user's computer opens port 135 and listens for incoming requests from clients wishing to locate the ports where DCOM services can be found on that machine.
Related Ports:
111
____________________________________________


Name:
netbios-ssn
Purpose:
NETBIOS Session Service
Description:
TCP NetBIOS connections are made over this port, usually with Windows machines but also with any other system running Samba (SMB). These TCP connections form "NetBIOS sessions" to support connection oriented file sharing activities.
Related Ports:
137, 138, 445
_______________________________________________________


Name:
microsoft-ds
Purpose:
Microsoft Directory Services
Description:
This port replaces the notorious Windows NetBIOS trio (ports 137-139), for all versions of Windows after NT, as the preferred port for carrying Windows file sharing and numerous other services.
Related Ports:
137, 138, 139

I hope this is the info you were looking for.
As always
Thanks,
Rich
  • 0

#43
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)
Excellent :thumbsup: Firewall is working! You only need one firewall on, which do you prefer? Norton or Windows?
Now. Let's take care of the SecurityCenter issue.

Please let me know how SecurityCenter is after this:


Please copy everything in the quote box below into notepad. To do this highlight all text, then right click and click Copy.


echo off
cls
echo.
echo Stopping Windows Management Service - please wait ...
net stop winmgmt
echo.
echo.
echo Removing Repository folder - please wait ...
rd /S /Q %systemroot%\system32\wbem\Repository
echo.
echo.
echo Starting Windows Management Service - please wait ...
net start winmgmt
cls
echo.
echo Done!






• Next, open Notepad, or click Start ~> Run and in the Open: box type notepad.exe and click OK.

• Right click in the notepad window and click Paste, or put (click) the cursor inside the notepad window and press the Ctrl & V keys to paste the text into notepad.

• On the File menu, click Save

• On the Save AS window that comes up, do the following:

* On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.

* At the bottom in the File Name: box type fix.bat

* In the Save as type: box, click the down arrow and click All Files(*.*)

* Click Save

This will put a new file on the Desktop named fix.bat

The file icon will look like this: Posted Image

Close that window and all other open windows and any open Browsers.

Right click to Run as Administrator the fix.bat file on the desktop to run it. Please accept the UAC prompt. A command window will open:

Posted Image

Press y to indicate Yes to continue if asked. Hit Enter

Power down, then restart the computer.

SecurityCenter should recognize everything now, please let me know how it goes :) as well as how is your computer running?
  • 0

#44
1324

1324

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 135 posts
23red,
By Jove, I think you've done it ( I've always wanted to use that phrase). Start up is much, much faster. I suppose, I would like to use Windows firewall. If you can help me turn off Norton's firewall that would be great. One last thing, when I try to run drive wiper on CCleaner it says " access is denied" even if I run as administrator. Would you please help me with that?
Thanks a million,
Rich
  • 0

#45
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Rich :)
Which drive are you trying to run CCleaner drive wiper on?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP