Please Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by Diogenes88, Nov 13, 2012.

  1. Diogenes88

    Diogenes88 Private E-2

    Hello,

    I recently received this older computer from a friend. It had no antivirus program and/or software firewall programs installed.

    I have noticed that it functions more slowly than it should, and that it is either very, very slow accessing some websites (e.g. Hotmail, Gmail, etc), or it won't load them at all (e.g. Paypal.com).

    I also notice that the cursor is slightly off-center, meaning that when I need to type some information in a field, no cursor is there...and hitting TAB doesn't work...and clicking in the field doesn't place the cursor there. Typically, I need to spend some time hovering the arrow around the field, and then I can finally get a cursor there. This also happens if there is a button on a particular website that I want to press. Usually, the arrow hovering over it won't allow me to click and press... what I usually do is reload the page and quickly try to click the button. If I wait more than a second or two, it doesn't work and I have to reload and try again.

    I have followed all procedures you listed here, and am attaching the relevant logs.

    Once I can get this all cleaned up, I will install my preferred antivirus program and software firewall.

    Any help you can give me will be much appreciated.

    Thanks in advance!
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Files/folders tab and locate these detections:


    • [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
      [ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND
      [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\n --> FOUND
      [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-3569694360-3384851647-3702537342-1000\$8b7efda8efdb9f06c8d7e2d7cc6035d5\n --> FOUND
      [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\@ --> FOUND
      [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3569694360-3384851647-3702537342-1000\$8b7efda8efdb9f06c8d7e2d7cc6035d5\@ --> FOUND
      [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\U --> FOUND
      [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3569694360-3384851647-3702537342-1000\$8b7efda8efdb9f06c8d7e2d7cc6035d5\U --> FOUND
      [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\L --> FOUND
      [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3569694360-3384851647-3702537342-1000\$8b7efda8efdb9f06c8d7e2d7cc6035d5\L --> FOUND
    Place a checkmark on each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.

    Rescan with HitmanPro.
    Choose to Delete these files if they are detected:

    • C:\$Recycle.Bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\n
      C:\$Recycle.Bin\S-1-5-21-3569694360-3384851647-3702537342-1000\$8b7efda8efdb9f06c8d7e2d7cc6035d5\n
      C:\Windows\assembly\GAC_32\Desktop.ini
      C:\Windows\assembly\GAC_64\Desktop.ini
    Ignore all other detections.
    Afterwards, click the Next button.
    HitmanPro may want to reboot the PC in order for the changes to take effect, please do so.

    Now rescan with both RogueKiller and Hitman and attach those two new logs also.
     
  3. Diogenes88

    Diogenes88 Private E-2

    Hello again,

    First let me say thank you for your assistance.

    I have followed your instructions exactly. Please forgive me for any obtuseness; it's not deliberate. I simply don't know very much about this sort of thing, and so I become worried if something unexpected occurs.

    First, I ran RogueKiller.exe (as admin) and did a new scan. It found only those 10 items you mentioned... but it also created a new log as soon as the scan completed.

    Next, I clicked the 'Files' tab - there was no 'Files/Folders' tab, so I'm assuming I went to the right place. There I saw the same 10 files... but there were no checkboxes to check. So I simply held down CTRL and highlighted all 10 and pressed delete.

    At this point, the program A. created another new log, B. prompted me to reboot immediately, and C. when I exited the program, it asked me to confirm...stating "No files have been deleted." I exited anyway, but did not reboot, as per your instructions.

    I then rescanned with HitmanPro (as admin). It found only those 4 files you mentioned. I deleted all of them, and then rebooted when the program prompted me.

    Upon Windows restart, I noticed 2 new hidden files located on my desktop, both named: desktop.ini.

    I rescanned with the two programs again, as directed, and am attaching those newest logs.

    Note: since taking these actions, all symptoms have become much worse. Mouse scroll doesn't appear to work. I have no access to any of the programs I mentioned previously, and it has taken me over 2 hours simply to access this website (after the reboot) and to wait for each page to load (help thread, login, reply).

    So... in this reply I will attach 1. the first new log of the day from initial scan with RogueKiller, 2. the second new log of the day following the attempt (?) to delete those 10 files with RogueKiller, 3. the third new log of the day from RogueKiller following clean-up, and 4. the new log of the day from HitmanPro following clean-up and reboot.

    Please advise me as to my next step(s). At this point, the computer basically functions as a very expensive calculator.

    Thanks in advance!
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\n.) -> FOUND
      [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\n.) -> FOUND
    Place a checkmark on each of these items, leave the others unchecked.
    Now press the Delete button.

    Now click on the DNS tab and fix these:
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{4F61BD4B-213C-4ABF-9F29-099A01A15225} : NameServer (168.95.1.1 168.95.192.1) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{4F61BD4B-213C-4ABF-9F29-099A01A15225} : NameServer (168.95.1.1 168.95.192.1) -> FOUND


    Now click the Files/folders tab and locate these detections:

    • [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\U --> FOUND
    Place a checkmark on each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)

    Now reboot and rescan with RogueKiller and attach that new log as well.
     
  5. Diogenes88

    Diogenes88 Private E-2

    Thanks again... and sorry about the spam. I had no way of knowing if it was actually posting. From my neighbor's comp, I did manage to get to a screen saying my post had been accepted, but that it was awaiting moderation. The time from that last post to seeing it appear on the thread was an hour or so. But it also appears that the previous attempts also appeared as well...were they on hold for moderation as well?

    I have followed all of your instructions as exactly as possible.

    1. After the first step, it created a new log [1].
    2. At step 2, there were again no checkboxes to check, so I once again highlighted and deleted the two files. Something did happen that appeared to be the desired deletion, but upon later clicking the DNS tab again to check...the files were once again listed. As well, doing this step created another new log [2].
    3. At step 3, once again RogueKiller didn't have a specifically named tab called 'Files/folders' ... simply a tab labeled 'Files'. I clicked this tab and nothing appeared there. The following file wasn't present with which to take any action: [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$8b7efda8efdb9f06c8d7e2d7cc6035d5\U --> FOUND
    As well, this also created a new log [3].
    4. Finally, upon exiting RogueKiller, I noticed that a fourth and final log [4] had been created on my desktop.

    I'm including all the logs that were created in this most recent attempt (i.e. [1-4]).

    As well, the 2 instances of desktop.ini hidden files still remain on my desktop.
    Also, no improvement as to my internet speed or access to the previously mentioned programs has occurred.

    Thanks again for all your assistance!
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You still need to fix these by going to the DNS tab:
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{4F61BD4B-213C-4ABF-9F29-099A01A15225} : NameServer (168.95.1.1 168.95.192.1) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{4F61BD4B-213C-4ABF-9F29-099A01A15225} : NameServer (168.95.1.1 168.95.192.1) -> NOT REMOVED, USE DNSFIX
     
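The detection lists TimW quotes in posts 2, 4 and 6 (Desktop.ini in the GAC folders, the `@`/`n`/`U`/`L` components under a `$<32 hex>` folder in `$Recycle.Bin`, `InprocServer32` entries pointing into `$Recycle.Bin`, and static `NameServer` values of 168.95.1.1 / 168.95.192.1) can be checked read-only before and after the RogueKiller and HitmanPro steps. The script below is an added example, not code from the thread, RogueKiller or HitmanPro; it assumes Windows PowerShell 3.0 or later run as Administrator, and it generalizes the single hex folder name on the page to any 32-hex-digit folder under a SID directory.

```powershell
# Added example (not from the thread, RogueKiller or HitmanPro): read-only audit of the
# ZeroAccess indicators quoted in this thread. Assumes Windows PowerShell 3.0+ running as
# Administrator. The $<32 hex> folder pattern generalizes the one folder name on the page.
$Findings = New-Object System.Collections.Generic.List[string]

# 1. Desktop.ini dropped into the GAC directories (the thread's first two detections).
foreach ($gac in 'GAC_32', 'GAC_64') {
    $ini = Join-Path $env:SystemRoot "assembly\$gac\Desktop.ini"
    if (Test-Path -LiteralPath $ini) { $Findings.Add("GAC marker: $ini") }
}

# 2. $Recycle.Bin\<SID>\$<32 hex>\ holding the @, n, U and L components.
$bin = Join-Path $env:SystemDrive '$Recycle.Bin'
$sidDirs = Get-ChildItem -LiteralPath $bin -Force -ErrorAction SilentlyContinue |
           Where-Object { $_.PSIsContainer }
foreach ($sidDir in $sidDirs) {
    $hexDirs = Get-ChildItem -LiteralPath $sidDir.FullName -Force -ErrorAction SilentlyContinue |
               Where-Object { $_.PSIsContainer -and $_.Name -match '^\$[0-9a-f]{32}$' }
    foreach ($hexDir in $hexDirs) {
        $parts = @('@', 'n', 'U', 'L') |
                 Where-Object { Test-Path -LiteralPath (Join-Path $hexDir.FullName $_) }
        if ($parts) {
            $Findings.Add("Recycle.Bin payload dir: $($hexDir.FullName) [$($parts -join ', ')]")
        }
    }
}

# 3. COM servers redirected into $Recycle.Bin (the [HJ INPROC] detections). HKCR merges
#    the HKLM and HKCU Classes hives, so all three roots are walked.
$clsidRoots = 'HKLM:\SOFTWARE\Classes\CLSID',
              'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
              'HKCU:\SOFTWARE\Classes\CLSID'
foreach ($root in $clsidRoots) {
    foreach ($clsid in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $server = Get-ItemProperty -Path (Join-Path $clsid.PSPath 'InprocServer32') `
                                   -Name '(default)' -ErrorAction SilentlyContinue
        if ($server -and $server.'(default)' -match 'Recycle\.Bin') {
            $Findings.Add("COM hijack: $($clsid.PSChildName) -> $($server.'(default)')")
        }
    }
}

# 4. Static NameServer values per interface (the [DNS] detections). The two addresses
#    are the ones RogueKiller reported in this thread; any other static value is listed
#    for review because a hijack could use different resolvers.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$threadDns = @('168.95.1.1', '168.95.192.1')
foreach ($if in Get-ChildItem -Path $ifRoot -ErrorAction SilentlyContinue) {
    $ns = (Get-ItemProperty -Path $if.PSPath -Name NameServer -ErrorAction SilentlyContinue).NameServer
    if ($ns) {
        $hits = $ns -split '[ ,]+' | Where-Object { $threadDns -contains $_ }
        $tag = if ($hits) { 'matches thread IoC' } else { 'static DNS, verify it is yours' }
        $Findings.Add("NameServer on $($if.PSChildName): $ns ($tag)")
    }
}

# Report only. Nothing is deleted or changed; the RogueKiller Delete and Fix DNS steps
# in the thread remain the remediation.
if ($Findings.Count -gt 0) { $Findings | ForEach-Object { "[!] $_" } }
else { 'No ZeroAccess indicators from this thread were found.' }
```

Running it after RogueKiller's Fix DNS should clear the NameServer findings, which is the check the "NOT REMOVED, USE DNSFIX" lines ask for.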
  7. Diogenes88

    Diogenes88 Private E-2

    Thank you for your patience with me, Tim!

    Ok, I ran RogueKiller again (as admin), and scanned.

    I went to the DNS tab and found those two files, but again no checkboxes. Then I noticed a button on the right side of the console labelled 'Fix DNS'. I clicked on this and the two named files disappeared from the DNS tab.

    I am attaching the single new log created.

    I'm not sure what to make of the 2 hidden desktop.ini files that remain on my desktop. As well, there is a new folder named 'RK_Quarantine' on the desktop that I'm not sure what to do with.

    I am happy to say that something seems to have improved - internet speed seems to have gone up, but I haven't experimented enough yet to say things are fixed.

    Are there any other things for me to check?

    Thanks once again for all of your help!
     


  8. Diogenes88

    Diogenes88 Private E-2

    Update: after checking the computer's various functions... things are not well. Though I have internet, I can't access those sites/programs I mentioned previously... as well, this site takes about 30 mins to load. I have 50M/10M ADSL.

    Please help - thank you.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message.
     
  10. Diogenes88

    Diogenes88 Private E-2

    Hello again,

    Thank you very much for sticking with me through this, Tim!

    I followed your instructions and am attaching the requested log file.

    Thanks again!
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do you have your Win7 disc? If so:

    Boot into the BIOS and change the start up order to CD as first boot device.
    1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
    2. Press a key when you are prompted.
    3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
    4. Click Repair your computer.
    5. Click the operating system that you want to repair, and then click Next.
    6. In the System Recovery Options dialog box, click Command Prompt.
    7. Type Bootrec.exe /fixmbr, and then press ENTER.

    Reboot into normal mode and re-run MBRCheck. Attach the new log.
     
  12. Diogenes88

    Diogenes88 Private E-2

    Tim, I do have the original Windows 7 Home Premium disk, etc.

    I followed your steps exactly, but when I got to step 5 (select operating system and click next) I got an error message saying something like, "The system recovery options on this disk are incompatible with the operating system installed."

    There didn't seem to be any other proper action to take, so I simply removed the disk and restarted the computer.

    Now, upon looking again...this computer has the 64-bit version of Windows 7 installed, but the original Windows 7 disk I have says 32-bit on the label. I'm guessing that this is the root of my problem in this particular fix.

    Another problem is that I got this computer as a bequest from my best friend who passed away recently. The Windows 7 disk I have (32-bit) is what accompanied it. I can see the 64-bit Windows 7 product key stickers on the tower, as well as the OEM sticker from ACER, but apparently the disk is wrong. I'm not sure what to do, but I can say that being here in China, with a scarcity of English Windows in stock...sometimes the computer stores will do a little bait-and-switch with the OEM software, saving themselves the trouble of ordering a copy of English Windows.

    Can you think of anything else I might try? Could I simply install the 32-bit version over the top? Or format and begin again from scratch with the 32-bit? Or could I order a different copy of 64-bit Windows 7 in English and proceed from there?

    I'm sorry for the hassle, but I'm at a loss as to how to proceed.

    Thanks again for your help and patience!
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have some choices. You could contact Acer and have them send you the disc (usually just a small fee is involved). Or you could reformat and install using the 32 bit disc. You can pursue those options with the people in the software forum to see what they suggest.
     
  14. Diogenes88

    Diogenes88 Private E-2

    Hi Tim!

    Good news...I managed to get the right disk, and then I followed your previous directions.

    MBRCheck did not find any problems, and so I just clicked 'Enter' and exited. I am attaching the log from this latest scan.

    Bad news...my problems, ie net access for some sites, are the same or perhaps a bit worse. For example, I can no longer load this website...so I'm having to write this from a different computer.

    Please have a look at the latest log, and if you would be so kind, let me know what my next step(s) should be.

    Thanks again for all your help and patience!
     


  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


    Then attach the below logs:
    * C:\MGlogs.zip
     
  16. Diogenes88

    Diogenes88 Private E-2

    I did as you instructed and am attaching the requested file.

    Thanks again!
     


  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Why am I not seeing any AV software installed?

    Please run CCleaner and clean out your temp folders.

    You should not have uTorrent running at start up!! It opens your system to everyone.

    What browsers are having the issues?
     
  18. Diogenes88

    Diogenes88 Private E-2

    Sorry...as I said in my first post of the thread, this computer had neither AV nor software firewall installed when I received it. It was my intention to install both once this system is clear of infection.

    If that time is now, then I will proceed...but I'm wondering what you recommend - I'd like something free, non-pestering, and with a small resource footprint. I was thinking about Avast! running alongside Outpost Firewall. Another friend recommended a program called AutorunEater to keep malware from infecting the system through the USB ports. What is your opinion?

    I'm not sure what uTorrent is for, but I have gone into Preferences and deselected 'Run at Startup'.

    There are two instances of Internet Explorer 9 installed on this computer: one has a x86 tag (and barely works at all), and the other has a x64 tag (which works fine for most but not all sites).

    I have run CCleaner again, as instructed.

    Thanks again, Tim!
     
  19. Diogenes88

    Diogenes88 Private E-2

    Alright, Tim...

    After running another scan with CCleaner, I went ahead and chose an AV program: Comodo AntiVirus... because it's small, free and includes a software firewall.

    I also paid about $40 for a lifetime subscription to SUPERAntiSpyware Professional, and then I installed both of the above.

    After updating the databases of both, I ran full scans and saved the logs. I have taken no other action besides that.

    I am attaching the results here.

    Thanks again for your help and patience!
     


  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  21. Diogenes88

    Diogenes88 Private E-2

    Ok... I've downloaded, installed and tried it with the most problematic websites of the past - no problems.

    Thank you!

    I am still worried about the 'threats' found by both Comodo and SUPERAntiSpyware. I guess the latter has a setting for periodic checks, because it just started a new scan a few minutes ago, which I cancelled. But before I did, it had already found 27 threats compared to the 9 it found in the scan after I first installed it earlier today.

    As well, I usually leave hidden files displayed as my default, but I am now seeing lots of these where there were none before (e.g. 2 separate desktop.ini files [created 2 years apart] on my desktop). Also there are quite a few padlocked folders which deny me access. Is this normal?

    Thanks again!
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your hidden files will go back to hidden when we do our final clean up. What issues remain?
     
  23. Diogenes88

    Diogenes88 Private E-2

    None that I'm aware of...

    Firefox seems to have solved the browser issue.

    Thanks again!
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link
    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
  25. Diogenes88

    Diogenes88 Private E-2

    Thank you very much, Tim!

    Everything seems to be running smoothly now.

    1. I have kept Malwarebytes Anti-Malware installed.
    2. RogueKiller and HitmanPro don't have uninstall options, so I just deleted them.
    3. I have no Disk Emulation, but I did go to Folder Options and deselected 'Show hidden files/folders'.
    4. I also deleted all the other tools, including the RK quarantine folder.
    5. I have reenabled UAC as directed.
    6. I was never instructed to download, install or use HijackThis.
    7. I ran the MGclean.bat file as directed.
    8. I checked through the 'How to Protect yourself from malware' thread carefully, and A. took the extra step of altering the registry to disallow autoruns, B. downloaded the latest Java for Windows 7 x64 (note: the version listed in the thread is not the most current according to the 'Check latest Java version' link mentioned), C. uninstalled all previous versions of Java, and D. then installed the newest Java and rebooted.

    After the above steps, I ran full scans with both my AV and SUPERAntiSpyware Professional. Both came up clear of infection.

    I very much appreciate your time, help and patience. I understand the value of your help, and wonder if there is a way to donate to MajorGeeks?

    Thanks again!
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know. And you are most welcome. Safe surfing. :)
     
