Hello

I am newly registered to the forums, but not to the great advice from those at Major Geeks.com. Got great help in removing spyaxe with HJT and smitrem. It has been awhile and now I find myself with new problems. I find my calendar going back in time and my browsers coming up with "Page not found" after a short time on line. The computer will even shut down in the middle of any task and then tell me it recovered from a serious condition after taking forever scanning the hard disk. I get phantom audio and when I control-alt- delete I see no tasks running....strange behavior I can't explain

I am going to attempt the malware removal procedure, but need to know what is meant (how to) by emptying (delete, shred, send to recycle?) the quarantine folders of antivirus and antisyware. I found the webroot quarantine file, but cannot locate the McAfee file. I also have spybot, but when I run a fix it only sees 64 files and tells me things are just dandy.

 

Thanks Tim. I do not see anything questionable or out of the norm. I'll run the CCleaner.

 

Wow, there was a ton of junk in there.....gone now

 

Hmmnn...no... explore... in the start menu...How do I get that back?

 

Did the scan twice?... I fell asleep and woke to a rebooted computer...don't know if the second scan completed.... Still no.. explore... on the start menu... have to go to work...will try to catch up to any new advice or instructions....thanks

 

My documents folder comes up...???

 

Wouldn't opening my documents be the same thing?

 

Tim, I'll do the best I can. I am pretty tied up with other obligations at this time. I'll need to find the time to try and tackle the problem. Right now my problem is trying to find the hidden folders in windows. That is where I am now. seems i can't get there following the instruction....thanks

 

Tim, the file is saved to the registry...I have another problem....

when downloading Highjack this there was a trojan attached and my antivirus detected it and stopped the download.

Did I miss something?

I needed to remove and reinstall spybot S&D to get the updates. I also downloaded getrunkey and shownew.

 

I got the HJT from the author site and got the trojan Mcafee quarantined....Got the app from your site in Fl... Now in my download folder....

 

Tim, I have clicked the author site to download the HJT. S&D was not running. I got the trojan detected and cleaned message from McAfee. continued and then downloaded from MG's site. I now have the HJT in my download file.

I also downloaded counterspy. Do I need to install the HJT and counterspy or will they run from that location...??? Please advise

 

Updates from McAfee are up to date.

This is what testing my firewall returned:

Unable to Probe
The IP address requesting this page is different from the IP address of your computer. This indicates that your computer is behind a proxy or NAT. These devices allow you to access the Internet by relaying traffic, typically from multiple computers, through a single IP address.

We are unable to directly probe your computer, you should take comfort from this. You have that much more protection between your computer and the Internet.

 

Tim, it appears that after running Spybot S&D and the Counterspy that my computer is now free of whatever malady it had. Spybot fixed 11 problems and the Counterspy quarantined 5 items. I appreciate the help I did receive but a little disappointed in not having some questions I asked answered directly.

My original post contained the problems I was having:

I find myself with new problems. I find my calendar going back in time and my browsers coming up with "Page not found" after a short time on line. The computer will even shut down in the middle of any task and then tell me it recovered from a serious condition after taking forever scanning the hard disk. I get phantom audio and when I control-alt- delete I see no tasks running....strange behavior I can't explain


thanks again.... I'll try and keep up with this stuff....

 

Ok, when I find the time to finish the process I will continue with it. Don't get me wrong, I appreciate everything you do and the help you offer. This stuff is not as second nature for all of us. The Read and Run first is a bit to understand and getting all the tools into the machine to fix it takes time. Especially, when it wants to shut off whenever it feels like it. This is the longest it has run in a week.

 

Here is what I came up with. I reran CCleaner, Spybot and counterspy in Safe Mode. Followed instructions with Bitdefender and Panda ActiveScan in Safe Mode with networking and ran getrunkeys and shownew to this point.


Bitdefender txt is too large. It found numerous problems and deleted them. what would be the best way to show you?

 

Tim, I removed the viewpoint manager, but when i went to download the ComboFix I come up with a 404 not found message???

 

Thanks Tim,

Here is what you request

 

along with...

 

Thanks Tim, Moving right along...here are the results. After doing the fix in HJT and checking the log I find only yesterday's result....??? Cannot or it won't upload the file. There is now a folder titled backups, however....

 

Things are running very smoothly, I thank you very much! almost..almost like a new computer. I am grateful for your help and apologize for thinking I had much of the problems solved. Little do I know of the demons that were deep inside this thing. I need to do a serious clean up of all the other crap I don't need. I used to know a little about this stuff, but lost pace with new technology every second and little time to keep up with it.

Here are the scans...revisited

 

Oops!

 

Tim there was a problem. I did step 1 with HJT and it showed the three problems to fix after checking them. After running the avenger and pasting the file to delete the machine rebooted and was in the process when a no disk prompt came up. The notepad came up behind it with nothing in the log...empty...I had to reboot the computer to get rid of the no disk prompt???

Rescanning HJT...

are still there. Tried to fix again with no success.

 

Tim, ran ATF and here are those logs. Would have liked to got on here earlier today. I'll try and catch up.

 

Hello Tim, I used windows explorer and typed in the address: C:\WINDOWS\SYSTEM\blank.htm and got a cannot display message. Don't know what folder to look in manually if I am doing this right at all.

 

My hidden files come up as ghosts, Where do I enable viewing. I opened a couple and they show empty windows

The message reads:The page cannot be displayed

 

Found a bunch of hidden files in SYSTEM32 that had a prompt to show hidden files. It wasn't in there.

 

No windows was not empty. A ghost of the file like it is transparant I just got the same prompt for windows. File is not in the system

folder picsvr is 1 that is empty

I believe I may have been looking at hidden files all along?????

 

I don't see it, Tim. If everthing is in alphabetical order it is not where it should be.??