Avast WEBforum
Other => Viruses and worms => Topic started by: Busymama62 on January 28, 2013, 06:35:16 PM
-
Hello everyone, A friend of my got the Green Dot on her laptop. She kept hitting control, alt, delete till she finally got the page to close. Then she shut down the computer. I gave her the info of how to get to this forum and that she needed to read the two push pinned articles and follow the instructions before posting. Well, when she tried to boot her computer it just kept switching from a blue to a white screen. What can we do or does it have to go in somewhere to be fixed? Thanks!
-
Hi what is the operating system XP, Vista, 7 or 8
Also is it a 32 or 64bit system ?
-
This is what she said..."I'm not sure about the bits but its an hp notebook mini with windows 7 starter, Intel Atom inside." Then she added "It just says hp mini."
Thank you Essexboy!
-
OK we will work on 7 32bit
Download the following three programmes to your desktop :
1. WiNTBootIc (https://dl.dropbox.com/u/73555776/WiNToBootic.exe)
2. Windows 7 RC (http://www.forum.probz.net/index.php?/files/file/18-windows-7-recovery-environment-iso/)
3. Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe)
Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot
(http://dl.dropbox.com/u/73555776/wintoboot.JPG)
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
(http://dl.dropbox.com/u/73555776/usb%20progress.JPG)
It will let you know when it is done
Then copy FRST to the same USB
(http://dl.dropbox.com/u/73555776/frstwintoboot.JPG)
Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here (http://pcsupport.about.com/od/fixtheproblem/ss/bootorderchange.htm)
When you reboot you will see this although yours will say windows 7. Click repair my computer
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg)
Select your operating system
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg)
Select Command prompt
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg)
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
(https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif)
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
Thank you! Will work on getting these downloaded, then set up a time with Denise to get together and then will post results.
-
Well, I am unable to get it to boot from the USB. Would the reason be that it is "Windows 7 Starter"? If I push and hold cont, alt, delete I can get the Windows & Starter Page with these choices "lock this computer" "Log Off" "Change Password" "Start Task Manager" "Cancel" and then an shut down button with the options of "Restart" "Sleep" "Hibernate" and "shut down". There is also an "Ease of Access" button. At least now I can do a complete shut down, she was just putting it to sleep or in hibernate I think. I do have the laptop at my house now so tht it will be easier to work on. Some info from Bios that may or may not be helpful...Notebook Model HP Mini 21-=1000, Product Number WK988UA#ABA, System Board ID 3660, Processor Type Intel (R) Atom (TM) CPU N450 @ 1.66GHz, Processor Speed 1666 MHz, Memory Size 1024 MB, Bios Version F.12, Bios Vendor Insyde, Serial number CNF026086W, UUID Number 434E4630-3236-3042-3657-C80AA9D667BA, Product configuration ID 04A110000020210010300000, Factory installed OS Win 7. The choices for Boot Type Order are "Notebook Hard Drive", USB Diskette on Key/USB Hard Disk, this is the one I chose, I used a 1G Flash Drive Stick, "USB CD?DVD Rom Drive", and "USB Floppy" and then "Network Adapter" which has an ! in front of it and the notes state that if it has a exclamation mark that the boot capability will be disabled. Hmmm I went back to the Boot Options page and here is what it lists..."Post HotKey Delay (sec) <0>", "Hp QickWeb <Disabled>, "CD Rom Boot <Enabled>", "Floppy Boot <Enabled>", "Internal Network Adapter boot <Disabled>", and then below that is "Boot Order"
I am able for a few seconds at a time to see her desktop but then it flash to a white screen and usually sits there for awhile and sometimes flashes to a blue screen with a faded windows logo.
I figure I have provided a bunch of info that you don't need but hopefully there is something in the info that will help. Thank you so much for your time and assistance!
Linda
-
Are you able to change the BIOS boot order so that the USB is first ?
Are you able to access the safe mode menu ? Boot the computer then press and hold F8
-
I thought I was changing it to boot with USB. The USB light would flash when booting but didn't do what it was supposed to do. Yes I can get into safe mode menu. This is what pops up on the screen when I push F8
Repair Your Computer
Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt
Enable Boot Logging
Enable low-resolution video (640x480)
Last Known Good Configuration (advanced)
Directory Services Restore Mode
Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement
Start Windows Normally
Description: View a list of system recovery tools you can use to repair startup problems, run diagnostics, or restore your system.
-
Select this and let me know if you can get in Safe Mode with Networking
If so then
- Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) and save it on your desktop.
NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
- Quit all programs
- Start RogueKiller.exe.
- Wait until Prescan has finished ...
- Click on Scan
(https://dl.dropbox.com/u/73555776/RKScan.GIF)
- Wait for the end of the scan.
- The report has been created on the desktop.
- Click on the Delete button.
(https://dl.dropbox.com/u/73555776/RKDelete.GIF)
- The report has been created on the desktop.
- Next click on the ShortcutsFix
(https://dl.dropbox.com/u/73555776/RKFixShortcuts.GIF)
- The report has been created on the desktop.
Please post: All RKreport.txt text files located on your desktop.
-
Well, I chose Safe Mode with Networking thought it was working because it showed all this windows stuff loading, then showed a safe mode screen then flashed to the all white screen and that is where it is staying.
-
Well now every so often, it flashes to a black screen that has safe mode in all four corners
-
Could you burn the ISO to a CD and try to boot from that
-
I don't think so. The CD will not open on the desk top and I had to do most of the downloading from it because one of the programs I could not access thru the IBM Thinkpad. I will try again though. If I have CD burning on the thinkpad, may need to install something first.
-
What does the think pad have on it win 7 ?
-
Both the desktop and Thinkpad have Windows XP, I take work back and forth from both computers so wanted the same operating system.
-
OK then you may need something like ImgBurn http://www.imgburn.com/
-
Will close everything else and download and be back hopefully soon. Thanks!
-
Can I use DVD=R for this or do I need to go get some writable CD's?
-
Not a problem, the one of these that I had yesterday was actually killed by Avast when it tried to load on boot
Whichever you have handy ;D
-
Can I just burn it from the usb to the DVD? Do I need to download again? Thanks!
-
Great! It is telling me the disc is not writable. Let me see what else I have.
-
All that just to discover that this computer does not have a CD!!! I went back into Bios and tried again to change the settings to USB boot. THought it was working because it booted differently and looked like it was reading the USB but I am not getting what you said to watch for. First I got a request of Keyboard language, I chose English. Now I have a window that says System Recovery Options Choose a recovery tool Operating system: Windows 7 on (D) Local Disk
Startup Repair
System Restore
System Image Recovery
Windows Memory Diagnostic
Command Promt
Then I have the choice of Shut Down or Restart
I am fixing to have to leave the house and will just plug her computer in and leave it sitting. I hope that will be ok.
-
OK you are in the right place now .. You need to select Command prompt
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
(https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif)
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-
This is the response I get "G:\frst64.exe is not recognied as an internal or external command, operable program or batch file."
I popped the drive into my laptop to see what files are on it and this is what it shows in folder form
"boot"
"sources"
"bootmgr"
"FRST
Farbar"
I must have something not quite right. I tried the flash drive in all three of her USB ports, and for some reason when I put it int he last one it brought up the command prompt window 3 more times.
-
Hi call me a numpty I mistyped .. Sorry it should be
G:\frst.exe
-
Glad I am not the only one that mistypes! Now it is saying that this version of Farbar Recovery Scan Tool is 6 days old and do I want to download the latest version. I don't need to do that do I?
-
No continue as the basic data is what I am after
-
Had to do as an attachment the file was to long.
-
Download the attached fixlist.txt to the same USB as FRST
Run FRST and press FIX
On completion reboot to normal windows
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
Secondary link (http://www.itxassociates.com/OT-Tools/OTL.exe)
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
(https://dl.dropbox.com/u/73555776/OTL_Main_Tutorial.gif)
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
-
To reboot in normal windows mode, do I need to go into bios? On restart it is bringing up the System Recovery Options Window again.
-
Well, I got OTL downloaded and managed to start the scan before I saw that I needed to type some stuff into custom scan. Will have to let this finish and start the scan again. Sorry!
-
Not a problem .. We will now just need to do the tidying up
-
I forgot to say that in the OTL the 64 bit option does not show up, so it is running without it. It appears that her Norton "BLAH" has expired and I have permission to download Avast and Malwarebytes. She is using IE and I will be suggesting Mozella to her as I feel that it is safer.
OTL document is attached.
-
OK we will now remove some garbage, replace the services file which is infected and carry out some repairs. The desktop wall paper will need to be replaced as it is a Funweb one ..not good
Once that is done I will then prepare the system for Avast ;D
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
SRV - [2012/03/06 20:15:31 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt790CJUS&ptnrS=ZNxpt790CJUS&si=120088&ptb=1OXQxGZHniXMAvyVDAN2ow&ind=2012030621&n=77ed269d&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-2843368061-1495724786-861422060-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-2843368061-1495724786-861422060-1000\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt790CJUS&ptnrS=ZNxpt790CJUS&si=120088&ptb=1OXQxGZHniXMAvyVDAN2ow&ind=2012030621&n=77ed269d&psa=&st=sb&searchfor={searchTerms}
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2012/03/06 20:15:51 | 000,000,000 | ---D | M]
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-2843368061-1495724786-861422060-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-2843368061-1495724786-861422060-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-2843368061-1495724786-861422060-1000..\Run: [PopularScreensaversWallpaper] C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (FunWebProducts.com)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Reg Error: Value error.)
O24 - Desktop WallPaper: C:\Users\leon\AppData\LocalLow\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
[2012/12/18 14:04:38 | 000,184,832 | ---- | C] () -- C:\Users\leon\AppData\Roaming\ldr.mcb
:Files
C:\Program Files\MyWebSearch
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
FINALLY
Download AdwCleaner from here (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner) to your desktop
Run AdwCleaner and select Delete
(https://dl.dropbox.com/u/73555776/AdwCleaner.GIF)
Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
-
I will have to change her download settings to install to desktop. I thought I could do that but when I go in to the downloads settings on internet explorer I do not see Desktop. What should I do. I did have to restart again, the "touch pad" has locked up on me twice. Also when I try to go online I keep getting Do you want to allow the following program to make changes to this computer? Java SE Runtime Environment 7 Update 9 Publisher Oracle America. For now I am choosing No but am afraid I may be wrong in doing so.
OTL Report attached will do the others once I figure out how to save to Desktop.
-
When you click the links a small bar should appear at the bottom of IE
Click the arrow next to save and you will be given the option to choose where to save it
-
Still don't see Desktop, I have as my choices "Computer, Local Disk C, Then different files and folders.
-
Select computer and that should open up to show the desktop
-
It opened up and is showing Local Disk C, Recovery D, HP Tools E.
-
Sheesh typical ;D save it to the root c drive and then copy to the desktop please
-
ARRRGGGG!!!! "You Don't have permission to save in this location. Contact the administrator to obtain permission. Would you like to save in the leon folder instead? Leon is my friends husbands name.
-
Save it there then copy to the desktop please. Are you able to logon to the admin account ?
-
Where would I find the adm account?
-
I just checked you are in an admin account.. Combofix should cure that problem
-
I am not sure the firewall is turned off. I think Combofix is downloaded it just had a firewall type warning about this file is not commonly downloaded. I think I have successfully copied Combofix to the desktop. Do I proceed?
-
I think Norton may cause me issues. I can not disable it because the subscription has expired. Should I just go ahead and uninstall it since we will be putting Avast and Malwarebytes on the system? The Norton's help page you provided in the link does not help since her subscription has expired. Thanks!
-
Yes please, try too turn off Norton. If you can't then continue and accept the combofix warnings
-
I can't access the settings in Norton because it has expired. Would it be better just to delete it before doing the Combofix? I just talked to my friend and they are not planning on renewing the Norton.
-
Aye uninstall combofix may still moan but let it run and we will remove the rest of Norton later
-
Please find the Combofix report attached. As far as how the computer is running. Sort of hard to say since this is actually the first time I have used her computer. Some applications have windows that pop up wanting to know if I want to run the update. I keep clicking no for now, after the computer is protected I will let them download. The only issue so far that I have noticed is the touch pad locks up. Just did so again and I had to do an improper shut down to be able to get things working again.
I am now posting from her computer.
-
Upon reboot after the Adware removal tool, the computer has a window that says "System Recovery Options" and for me to choose a language. Am I supposed to be seeing this?
-
What I decided to do was to shut down and it wouldn't let me. I turned the power off and then on reboot had my report. The adwcleaner report is attached. Something called jucheck.exe is flashing in the bottom toolbar and is saying it is requesting my permission. For now I am going to ignor it as I don't know what it is and my friend said as far as she knew the Norton was the only virus program. The icon to this is a gold and blue shield.
The touchpad just locked up again and the only thing I have been able to do is contl/alt/delete which takes me to a shut down page but the touchpad will still not work and I have to manually turn the power off.
-
Could you confirm that the USB is now removed when you boot.
My recommendation would be to uninstall Java totally via control panel.
A programme is probably failing to release when the system shuts down we will investigate that next
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/) and this article (http://www.nbcnews.com/technology/technolog/us-warns-java-software-security-concerns-escalate-1B7938755).
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
Download the Norton removal tool from here http://www.bleepingcomputer.com/download/norton-removal-tool/ the blue download button
Download Avast from here http://files.avast.com/iavs5x/avast_free_antivirus_setup.exe
Run the Norton removal tool and reboot
Then run the Avast setup file to install
Once completed could you let me know how the machine is behaving
-
Well, Last night I shut the computer down because it felt very hot, noticed when I did so it was installing updates. I did this am change the boot order back to notebook/hard drive. I notice now that there is one more missing icon from the desktop other than the Norton, this not being my computer, I don’t know what it was. We will not worry about that.
I did uninstall Java, however, she may want to reinstall it. If so I will help her turn disable it till needed. That is what I am doing on our computers because some of the coupon printing programs I use, use Java. She has Google Chrome installed and I don't use Google Chrome, every time it has been installed on our computers it would cause issues, with system lock ups. I used IE to test her computer and visited a few other pages with no problem, slower than my system but that may just be that system.
Upon reboot I did let the Adobe Reader and HP install updates. Once I uninstalled Java the shield icon at the bottom of the screen that was flashing did disappear. The only issue I have noticed is on reboot/restart I get this error message "Unable to locate suitable Java RunTime Environment on this machine.
Thank you!
-
There may be a heating problem on the system
Lets see if we can stop the Java
How is it behaving otherwise ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
(https://dl.dropbox.com/u/73555776/OTL_Fix.GIF)
:OTL
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 10.9.2)
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
Java error window still popped up on restart. I think other than that it seems to be running fine. I surfed the web a bit and didn't have any problems. Her system seems slower to respond to clicks of the mouse than mine but I am thinking that is probably this system. Today it doesn't seem to be getting as hot so I wonder if it was related to the lock ups I was having yesterday. I just noticed that one of her USB ports did not register my flash drive just now. That may be one reason I had trouble doing the initial boot from USB.
Please find the OTL report attached.
-
Download Javara from here http://fileforum.betanews.com/detail/JavaRa/1207335071/1
Run it and click Remove JRE
That should stop it unless there is a programme requiring Java, although I can see none
Lets clear my rubbish now and see how the computer behaves
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Remove ComboFix- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
- In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
(http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg)
- Follow the prompts on the screen
- A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Malwarebytes (http://www.malwarebytes.org/mbam-download.php).
Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport (http://www.trusteer.com/Products/Trusteer-Rapport-for-Online-Banking)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)Keep safe :wave:
-
Well, I am just now getting to this today and the first time I went to the site to download JavaRa the browser locked up so I did End task and opened it again. Clicked download and open instead of run, then the touch pad locked up on me. As late as it is here for me and being Wednesday it will probably be tomorrow before I get all of this done. Wed. evenings are very busy for me. I will get all of it done and if things seem to be ok, I will let my friend do the 24 hour test drive since she is the one that uses the computer. Sorry, But will be back. Could there be something causing the touchpad to lock up or could it just be something that I am doing or not doing? I prefer a mouse so I do not use a touch pad much at all.
Thanks again!
-
Ref touchpads I dislike them as well which is why I have never had a laptop
Let me know how it goes as it may just be a one off
-
Well, sorry but I am having trouble. There is not a "MY Computer" on her system. I tried going into start, computer, local drive c, tools but the only options I have are Check now for drive errors, and On that I see that blue and gold shield, Defrag, and back up now. So I am not where I need to be. Also, the Adwcleaner is still showing on the desktop.
A couple of questions. What is your opinion of Google Chrome. Anytime we have installed it on our systems it would cause the system to hang/lock up. So we have just completely uninstalled it. She has Google Chrome installed and I don't know if it is a good idea or not.
I did speak with her and she said she thinks there is one program that does use Java but can't remember which one. I told her that during the 24 hour test drive she needs to do anything and everything she uses her system for so we can see how it is running and that if she needs Java we will reinstall and I will show her how to disable/enable.
So, I am at the point in your last directions to where I am supposed to do the My Computer and files, I have not done any of the instructions that followed that.
Thank you so much for all of your help. Oh and your tidying up comment has made me remember I don't think I ever completed something on our desk top so I am going to go back thru my messages and ck that later. Once we have this system finished.
-
OK another way is to go to control panel and click folder options you will find it there ;D
-
I asked and she does do online banking but I never found a download link for Trusteer Raport. While we are there is Trusteer Raport good on any system? We do online banking also. Thanks! Fixing to go ahead and ck the Windows Update link to see if her system is registered for automatic updates. I think it probably is because of the time I did a shut down after finally getting the system going and it was doing several updates on shut down. Thanks!
-
For Trusteer fill in the details on this page http://www.trusteer.com/download-trusteer-rapport
Select your bank in the dropdown, if it is not there select other
Once done you will be given a download link
-
Well, I used the link, filled out the info and when I clicked submit it said I was forbidden to see the web page. What I am going to do for now, is get the computer back to my friend this afternoon so she can be testing it. We need to find out program is wanting to use Java so she can decide if we need to reinstall Java or not. I told her I will find out what to do about the adwcleaner0 that is still showing up on the desk top. Thank you!
-
You can delete adwcleaner0 from the desktop, I will check our trusteer again
-
I spoke with my friend and she said the test drive has gone great. She is very thankful and wanted to make sure that I thanked you.
-
My pleasure and I am glad as is well ;D