[AlanY]

The computer is running normally now. Windows 7 recognizes Panda Antivirus too.

What was our issue back then? Were we dealing with a Malware?

I opened OS(C:) for housekeeping and found some folders unknown to both my sister and me. Are they necessary to keep? Nero Autobackup folder is present although we remember to have uninstalled Nero Autobackup some time ago.


There was a "Problem Reporting" balloon at the bottom right corner of the desktop stating:
"Windows
Problem: Shut down unexpectedly
Files that help describe the problem:
120313-20716-01.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer."

[Advertisements]

What was our issue back then? Were we dealing with a Malware?

We were not dealing with Malware. I think it is a Hardware issue.

I opened OS(C:) for housekeeping and found some folders unknown to both my sister and me. Are they necessary to keep? Nero Autobackup folder is present although we remember to have uninstalled Nero Autobackup some time ago.

You can delete manually the Nero Autobackup folder if you like. Which folders are unknown to you?

To keep it easier for me please make this (then I have a list what is on C:\ - I needn't copy every letter of your picture):

Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

• Click on the Start button and in the search box, type Command Prompt
• When you see Command Prompt on the list, right-click on it and select Run as administrator
• When command prompt opens, copy and paste the following commands into it, press enter after each
  
  dir C:\ >> %USERPROFILE%\Desktop\Muuuh.txt
  
  
• This will create a text file called Muuuh.txt on your Desktop. Please copy and paste the contents of this into your next post.

There was a "Problem Reporting" balloon at the bottom right corner of the desktop stating:

Hmmm. I will research that but in my opinion I wouldn't worry about that.

 

Some questions for you:

I.) When and why did you use ComboFix?
II.) When and why did you use TDSSKILLER?

If they are new please post the logs.

[Machiavelli]

What was our issue back then? Were we dealing with a Malware?

We were not dealing with Malware. I think it is a Hardware issue.

I opened OS(C:) for housekeeping and found some folders unknown to both my sister and me. Are they necessary to keep? Nero Autobackup folder is present although we remember to have uninstalled Nero Autobackup some time ago.

You can delete manually the Nero Autobackup folder if you like. Which folders are unknown to you?

To keep it easier for me please make this (then I have a list what is on C:\ - I needn't copy every letter of your picture):

Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

• Click on the Start button and in the search box, type Command Prompt
• When you see Command Prompt on the list, right-click on it and select Run as administrator
• When command prompt opens, copy and paste the following commands into it, press enter after each
  
  dir C:\ >> %USERPROFILE%\Desktop\Muuuh.txt
  
  
• This will create a text file called Muuuh.txt on your Desktop. Please copy and paste the contents of this into your next post.

There was a "Problem Reporting" balloon at the bottom right corner of the desktop stating:

Hmmm. I will research that but in my opinion I wouldn't worry about that.

 

Some questions for you:

I.) When and why did you use ComboFix?
II.) When and why did you use TDSSKILLER?

If they are new please post the logs.

[AlanY]

The unknown files and folders are:
- $INPLACE.~TR
- $WINDOWS.~Q
- _OTL
- _OTS
- 02ad01f6be9fba044074d9
- 2d89c3748fb92e40dc8546e44866
- 8b56ed24e6d45b9c2521bc61
- 790d7c6143ac29d8926d
- Apps
- Autodesk
- bb41696f87335fdefc345456
- Boot
- c4427e725a7b9f0773a9485937
- Config.Msi
- e1bb4c02294d8a11a385
- f251ca772d04456eacba35
- FRST
- perflogs
- Qoobox
- RegBackup
- SMCLpav
- SocketeQ
- Temp
- dell.sdr
- extensions.sqlite
- freefallprotection
- msdia80.dll
- RHDSetup
- VEW

Muuh txt is here:
Volume in drive C is OS
Volume Serial Number is A4A8-BA66

Directory of C:\

03/04/2013 04:07 AM <DIR> $INPLACE.~TR
02/04/2013 02:53 PM <DIR> $WINDOWS.~Q
13/01/2014 03:01 AM <DIR> 02ad01f6be9fba044074d9
13/01/2014 03:05 AM <DIR> 2d89c3748fb92e40dc8546e44866
13/01/2014 03:04 AM <DIR> 790d7c6143ac29d8926d
25/01/2011 05:15 PM <DIR> 8b56ed24e6d45b9c2521bc61
18/01/2011 04:05 AM <DIR> Apps
07/11/2012 03:59 AM <DIR> Autodesk
12/01/2014 03:02 AM <DIR> bb41696f87335fdefc345456
04/05/2012 12:38 AM <DIR> Boot
12/01/2014 03:04 AM <DIR> c4427e725a7b9f0773a9485937
14/04/2013 12:46 PM 24,867 ComboFix.txt
08/04/2012 08:01 AM <DIR> COMSOL41
12/01/2014 02:39 PM <DIR> Config.Msi
01/04/2013 08:44 PM <DIR> Dell
18/01/2011 05:13 AM 3,598 dell.sdr
27/03/2011 02:02 PM <DIR> downloads
16/11/2013 01:16 AM <DIR> e1bb4c02294d8a11a385
23/09/2012 01:46 AM 0 extensions.sqlite
13/01/2014 03:02 AM <DIR> f251ca772d04456eacba35
18/01/2011 03:45 AM 1,231 freefallprotection.log
02/01/2014 02:06 PM <DIR> FRST
18/01/2011 03:40 AM <DIR> Intel
15/04/2012 02:28 AM 1,040 log.txt
01/12/2006 11:37 PM 904,704 msdia80.dll
13/05/2011 01:18 AM <DIR> MSOCache
24/05/2011 12:55 AM <DIR> Nero Autobackup
11/01/2014 05:00 AM <DIR> perflogs
02/04/2013 01:42 PM <DIR> Program Files
12/01/2014 03:38 PM <DIR> Program Files (x86)
12/01/2014 03:39 PM <DIR> ProgramData
14/04/2013 12:46 PM <DIR> Qoobox
02/04/2013 03:19 PM <DIR> Recovery
13/04/2013 09:24 PM <DIR> RegBackup
18/01/2011 03:40 PM 2,320 RHDSetup.log
12/01/2014 02:25 PM <DIR> SMCLpav
26/10/2013 05:08 PM <DIR> SocketeQ
27/11/2011 05:06 PM 83,854 TDSSKiller.2.6.21.0_27.11.2011_17.01.47_log.txt
28/11/2011 12:05 PM 83,888 TDSSKiller.2.6.21.0_28.11.2011_00.03.07_log.txt
22/04/2012 02:28 PM <DIR> Temp
02/04/2013 02:27 PM <DIR> Users
09/04/2013 02:25 PM 13,833 VEW.txt
19/10/2011 05:34 PM <DIR> VisSim80
12/01/2014 02:18 PM <DIR> Windows
28/11/2011 12:59 PM <DIR> _OTL
20/02/2011 02:41 PM <DIR> _OTS
10 File(s) 1,119,335 bytes
36 Dir(s) 117,539,291,136 bytes free


Combofix and TDSSKiller are not new. Our computer had overheating issues over the years, so we consulted an expert. My sister and I can't recall using Combofix and TDSSKiller for our work. I suppose these softwares were used by the expert to attempt remove virus and malwares. A few months ago last year, our 640GB Hard Drive was replaced with a 500GB one. Hopefully the new hard drive doesn't cause problem this time.

[Machiavelli]

$INPLACE.~TR
$WINDOWS.~Q

These are leftovers from the Upgrade progress from Vista to Windows 7. So you did an upgrade?

- _OTL
- _OTS

BackUp Folders from OTL and OTS.

- Autodesk

Probably related to that here. Are you familiar with that?

The rest seems good.

The random folders seem to related to Windows Update. No need to worry about that.

 

Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

• Click on the Start button and in the search box, type Command Prompt
• When you see Command Prompt on the list, right-click on it and select Run as administrator
• When command prompt opens, copy and paste the following commands into it, press enter after each
  
  dir C:\Apps /s >> %USERPROFILE%\Desktop\Machiavelli.txt
  
  
• This will create a text file called Machiavelli.txt on your Desktop. Please copy and paste the contents of this into your next post.

 

Our computer had overheating issues over the years, so we consulted an expert.

An expert on the forum? If yes could you give me a link to the thread?

I suppose these softwares were used by the expert to attempt remove virus and malwares

Yep, never run CF without Permission of a Malware Removal Expert. It can highly damage your PC.

Hopefully the new hard drive doesn't cause problem this time.

We will do tests later for that ...

 

Any other issues we must deal with?

[AlanY]

These are leftovers from the Upgrade progress from Vista to Windows 7. So you did an upgrade?

No. The computer was Windows 7 since the beginning. I remember the expert also attempted to access the damaged hard drive when I couldn't boot up Windows 7. He told me he had to hack into the hard drive. Could his hack be related to this Upgrade?

Autodesk

Yes. It's my sister's work. She told me she had already uninstalled the software a long time ago.
I have deleted Nero Autobackup folder. It took up more than 12GB of space. Should I delete unnecessary folders?

Here is Machiavelli.txt:

Volume in drive C is OS
Volume Serial Number is A4A8-BA66

Directory of C:\Apps

18/01/2011 04:05 AM <DIR> .
18/01/2011 04:05 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 197,955,485,696 bytes free

An expert on the forum? If yes could you give me a link to the thread?

No, he was an expert from a computer shop. Okay. I won't use any software I am unfamiliar with.

Any other issues we must deal with?

Other than the repetitive Windows Update and Java Update errors, there is no more issue. The computer is running well now. Thank you so much for your help over the weeks!

[Machiavelli]

He told me he had to hack into the hard drive. Could his hack be related to this Upgrade?

You can not hack into a hard drive. You can only manipulate it etc. - better say I can't image what he hacked there (or what he means?). Anyway, the folders are clean - you can delete them if you like.

Should I delete unnecessary folders?

Yep, but make sure you uninstall the related programs first.

No, he was an expert from a computer shop. Okay. I won't use any software I am unfamiliar with.

Hmmm. Better use not CF without any specific reason.

Other than the repetitive Windows Update and Java Update errors, there is no more issue. The computer is running well now. Thank you so much for your help over the weeks!

Windows Update

• Click on the Start button and in the search box, type Windows Update
• When you see Windows Update on the list, open it - a window will open
• Click "Check for updates." You can find this option in the left panel. You will then receive a message telling you that important updates are available or that optional updates are available.
• Click the message. This will let you view the updates that are available.
  
  
  
• Select all updates (optional + important updates!).
• Click "OK."
• Click "Install Updates." If you're prompted for your password or confirmation, type the password and provide confirmation.

This will take time - it will install your updates. After it finished reboot the PC and report back if that solved your problem.

[AlanY]

You can not hack into a hard drive. You can only manipulate it etc. - better say I can't image what he hacked there (or what he means?).

The damaged hard drive couldn't be accessed by normal boot up, so he "manipulated" it at his shop. He accessed Windows 7 without our password. I hope I know more about his methods too.

Yep, but make sure you uninstall the related programs first.

What program does the "coded" folders belong to? For example, bb41696f87335fdefc345456.


Windows Update

I followed your instructions and rebooted the computer. While the updates were installing, this window popped up:

and ends up with this result.


After rebooting, I checked Windows Update again and it shows some more uninstalled updates, such as


This is the Windows Update history.

[Machiavelli]

The damaged hard drive couldn't be accessed by normal boot up, so he "manipulated" it at his shop. He accessed Windows 7 without our password. I hope I know more about his methods too.

That's weird.

What program does the "coded" folders belong to? For example, bb41696f87335fdefc345456.

These are related to Windows Update. You should be able to delete them if you like.

 

Fixing the Java Issue

Please download JavaRa to your desktop and unzip it to its own folder

• Right click on JavaRa.exe and select Run as Administrator, then click on Remove Java Runtime.
• Select the Java version you have from the drop down list, and then click on Run Uninstaller
• Press Yes if it asks to uninstall the product.
• Allow the uninstaller to remove the installed version.
• When its finished, go back to JavaRa, and click Back
• Click on Update Java Runtime and then select Download and install latest version.
• Press Next
• Press Java Manual Download.
• A browser window will open with the Java download page.
• Click the Windows offline link to download Java.
• Run the installer.
• Close JavaRa

 

Report back which issues do you currently have.

[AlanY]

I have deleted the random folders and now there are more than 12GB of extra space.

Fixing Java Issue:
There isn't any Java version to select on the drop down list.

[Machiavelli]

OK,

please uninstall all Java Versions manually, then run JavaRa again (right click on it and select Run as Administrator), click Remove Java Runtime, Click Next, click Perform Removal Routine at step 2, click Next after it has finished, at step 3 please click Download to download and install the new version.

[AlanY]

JavaRa ran perfectly. Java is now normal again.

There is no more issue other than Windows Update. It seems to fail again. This update history was taken from this afternoon.

[Machiavelli]

Your computer looks good to me. We are done so far - so well done! For the Windows Update problem please open here a thread: http://www.geekstogo...and-windows-7/.

 

I. Removal of Tools and other things

 

• Step 1: Removing FRST

Please delete the FRST Folder under your Main Drive (C:\FRST), then delete the FRST64.exe manually.

• Step 2: Uninstalling ESET (if you haven't already)

• Click on the Start button and select Control Panel
• Click on Programs then click on Uninstall a program
• You will now see a list of your installed software, double click on the following one by one to uninstall them:
  
  
  • ESET
• Once you have done this, reboot your computer

• Step 3: Malwarebytes

It is an on demand scanner so it will not conflict with your AntiVirus!
But if you want to uninstall it, then please follow these steps:

• Click on the Start button and select Control Panel
• Click on Programs then click on Uninstall a program
• You will now see a list of your installed software, double click on the following one by one to uninstall them:
  
  
  • Malwarebytes
• Once you have done this, reboot your computer

• Step 4: Removing other tools

You can remove SecurityCheck.exe manually.

 

II. Prevention and Future Guidelines

 

• Step 1: FileHippo's UpdateChecker

Download File-Hippo Updatechecker from here and install it. Please run it monthly - it will scan your Updatestatus. For example a program is out dated the UpdateChecker will give you a link where you can download the newest version of the respective program.

How to update programs with FileHippo Updatechecker?

• Start FileHippo Updatechecker
• You get redirected to a Website
• You probably see a list of updates (if not then all your critcal programs are up to date )
• Click on the first item of the list, download the Update, after that reboot the Computer and take the next item of the list!

• Step 2: Future Tips

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe!

[AlanY]

I see. Thank you again Machiavelli for being so patient with a computer amateur like me. I bid you all the best with the rest of your training.


AlanY

[Machiavelli]

Thanks and no problem.

[CompCav]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.