New
#21
Please answer the questions in Post #19.
It will help determine what else needs done.
Thanks!
Please answer the questions in Post #19.
It will help determine what else needs done.
Thanks!
yes the security update has worked and microsoft security essentials has upgraded, scanned and everything is fine!
Good to know!!
Please use the computer as much as you can today, and see how it goes.
Will get back with you later (maybe too late in UK). Have to go out for a while, and later need to review the thread and see if there is anything else we need to do.
Thanks for your patience. :)
Hopefully, all is going well.
Since ComboFix is no longer needed, we need to uninstall it. This program is very powerful, and just like it can perform repairs as it processes its 50+ phases, if used improperly when you need to act upon any of the information it displays, it can render a computer useless. Needless to say, it is not for casual use
if you do not know how or what to do in case of there are problems.
Please do the following to uninstall:
Click on the Start orb, and, in the Search programs and files field copy/paste: combofix /uninstall
(Note there is a space between combofix and /uninstall)
Press: Enter (on the keyboard)
A security warning appears asking if you are sure you want to run ComboFix.
Click on the Run button to start the program.
ComboFix uninstalls itself from the computer and removes any backups and quarantined files.
When finished, you are greeted by a dialog box stating that ComboFix is uninstalled.
You can now delete the ComboFix.exe icon from the Desktop (if still there).
Next...
Remove any fixlist.txt from the Desktop.
Open Notepad (Start > All Programs > Accessories > Notepad)
Copy/paste all the contents of the quote box below to Notepad (do not copy the word 'Quote').
Save it on the Desktop as: fixlist.txt
Run FRST from the Desktop again, press the Fix button once.start
DeleteQuarantine:
End
When done, you can delete the FRST icon from the Desktop (if still there).
Also, the following can be removed:
RogueKiller
Farbar Service Scanner
ActionCenterIcon.reg
AdwCleaner
Junkware Removal Tool
RestoreWindowsFirewallWin7.bat
TDSSKiller
HitManPro (free 30 days trial)
Last, let’s check your Security status with the following...
Download Security Check:
http://screen317.spywareinfoforum.org/
Save to your Desktop.
Double-click: SecurityCheck.exe
Follow the onscreen instructions inside the black box.
When done, a Notepad report opens automatically, called: checkup.txt
Please post the checkup.txt in your reply.
(Please do not take any corrective actions!)
To Remove AdwCleaner program from your PC
Right click on adwcleaner.exe choose Run as administrator to open the tool.
Click on Uninstall, then confirm with yes to remove this utility from your computer.
ok thanks guys I will get this done by the end of the day. It seems to be running absolutely fine. I often noticed CPU lag when I had multiple firefox tabs like (50+ which is low for me actually) on random occasions and also hard drive or gpu fan spinning too fast. This seems to have stabled out too !
Hi I'm sorry I never got back to posting the checkup.txt. Here it is (attached).
I uninstalled everything. One of them needed an update, but I ignored it and followed all the instructions above.
Finally, the updates were successful but, since the 9 days ago,,,there have been some more updates that I can't install. When restarting my pc I get the error message,, failure configuring windows updates, reverting changes and I'm left with 40.3 mb of important updates that need installing.
I really need to get this fixed before I attempt to copy my OS to an SSD and buy an extra internal HDD.
Oh wait, I didn't delete the fixlog... hang on....(ok basically I think I may have deleted any existing fixlog before I created that new fixlog) which I have now deleted, so I think that is ok
I hope you guys are still around :)
Still around...
You mention there are 40.3MB of updates needing installation.
How many individual updates do the 40.3MB contain and need installed?
Also, on the results of Security Check:
Currently shows:
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
Expected the following:
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
Let's find out what WMI is reporting for the AntiVirus...
Please go to Start > All Programs > Accessories > Command Prompt
Right-click the Command Prompt and select: Run as administrator
At the Command Prompt, type in: wbemtest
Press: Enter
At the Windows Manager Instrumentation Tester console, click: Connect
In the Namespace field type in the following and press Enter: root\SecurityCenter2
At the next window, click on: Enum Instances
At the Class Info prompt, type in: AntivirusProduct as the superclass name, and click OK.
How many AntiVirusProduct.instanceGuid= entries do you see?
Highlite and double-click each one and review its Properties.
Scroll down to displayName, and take note of the name displayed.
Double-click: instanceGUID
Copy and provide the Value
Close the Object Editor, and Close or Exit all the open windows.
Please provide the following info:
How many AntiVirusProduct.instanceGuid= entries do you see?
By displayName, what is the name displayed?
For instanceGUID, please provide the Value.
Next, please run Farbar Service Scanner once again.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Press: Scan
FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
Also run the Farbar Recovery Scan Tool
Check the Addition option!!
Press the Scan button.
Also provide the FRST.txt and the Addition.txt in your reply.
When I type wbemtest I'm given that it is not recognized as an internal or external command operable program or batch file
anyone got any ideas?
Last edited by graphic333; 03 Aug 2013 at 15:38.
Hmm....
Try pressing the Windows key and the R key at the same time.
In the Run prompt, type the following in the Open area: wbemtest
Press: OK
Does it work, or do you get the same "...is not recognized as an internal or external command, operable program or batch file"?
If you get the same notice, at some point the malware may have altered the Windows Environment Variables.
To find out, please do the following:
Check that the wbem folder exists in C:\Windows\system32.
If it is there, access the Environment Variables as follows:
Go to Start, right-click Computer and select: Properties
On the left side, click: Advanced system settings
In the System Properties prompt, press: Environment Variables
In Environment Variables, go to the System variables area, and scroll down to: Path
Highlite Path, and press: Edit
In the Edit System variable prompt, right-click the Variable value, and select: Copy
Paste the value to Notepad.
Close/Cancel out of any prompts.
Please post the Path variable value in your reply, and let's see what it shows.
Example Path:
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShel l\v1.0\