Denil Posted June 10, 2008 Posted June 10, 2008 My computer has suddenly slowed down.And what ever i uninstall it comes back on the next reboot.Another thing is that my saved games are washed until certain level.My schools are about to start please get me rid of this problem. Quote
Seth Posted June 10, 2008 Posted June 10, 2008 Welcome to Extreme Tech Support - Free PC Help Denil. Your computer could be infected with Malware. Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. Required Cleanup StepsDisable the Spybot Search & Destroy TEA TIMER if you use it and if it is enabled Run a Temporary file and cache cleaner (ATF) Run 2 Anti-Malware scanners (Listed Below) Run an Online Anti-Virus / Anti-Malware Scanner (Listed Below) Clear out old System Restore points If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file, do not do so unless requested. The reason to run multiple scanners is to ensure that no single scanner is missing something. The time it takes will vary depending on your system and your internet connection speed. Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes. The ESET online scan should take between 1 to 3 hours. In most cases, these scans will suffice to clean and disinfect your computer. Heavily infected systems or slower PCs can take much longer to scan and clean. For best results print the following instructions and bookmark this Web page To keep this guide printer-friendly, use your cursor to highlight the contents below. From your browser select File - Print and in the printer dialog box under "Print range" click the Selection choice to print out these instructions for removal of malware.http://kixhelp.com/wr/images-freepchelp/printer-selection.gif__________________________________________________ STEP 1 Disable Spybot Search & Destroys' TEA TIMER: (if installed)Run Spybot-S&D in Advanced Mode. If it is not already set to do this Go to the Mode menu select "Advanced Mode" On the left hand side, Click on Tools Then click on the Resident Icon in the List Uncheck "Resident TeaTimer" and OK any prompts. Restart your computer. __________________________________________________ STEP 2 Follow these instructions carefully. Download ATF-Cleaner from Snapfiles.com to remove un-needed temporary files from your computer that may contain malware. You can also download it from Majorgeeks.com When you run ATF-Cleaner, check the items as shown below for Main. For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored Then click on "Empty Selected". http://kixhelp.com/wr/images-freepchelp/atf-cleaner01.gif . http://kixhelp.com/wr/images-freepchelp/atf-cleaner02.gif__________________________________________________ STEP 3 Install and run the free version (not the Professional version) of SUPERAntiSpyware from SUPERAntiSpyware.com Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files. You do not have to send them your e-mail address, just click next. You can leave the automated check for updates on. You can uncheck "Send a diagnostic report to research center" if you don't want to send the information. DO NOT allow SUPERAntiSpyware to protect your Home Page settings. On the Top Left select the Scan your computer button. Make sure there is a CHECK MARK on all Fixed Drives. Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so. __________________________________________________ STEP 4 Install and run Malwarebytes' Anti-Malware from Malwarebytes - (direct download) Accept all defaults for the installer Allow the program to update the definitions Click on the Quick Scan and click Next. If any items are found allow it to clean them and then Reboot your computer. __________________________________________________ STEP 5 Run an online scan with ESET from Free Virus Scan: Use ESET's Online Antivirus Scanner You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan. If your computer is running Window's Vista, then you must first start Internet Explorer as an Administrator. To do so, right-click on the Internet Explorer icon in the Start Menu and select "Run as administrator" from the popup context menu. Accept the terms and click "Start". Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications". Click "Start" to begin the scan. When completed restart your computer __________________________________________________ Make sure your internet firewall security is enabled, and then please return to Extreme Tech Support - Free PC Help and tell us how the computer seems to be operating. At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted. If required this is the download link for TrendMicro™ HijackThis™ Unless instructed to by the Technician helping you then do not download this tool. Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one. Please follow the instructions here How to turn off and turn on System Restore in Windows XP How to turn off and turn on System Restore in Windows Vista Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Goku Posted June 10, 2008 Posted June 10, 2008 My computer has suddenly slowed down.And what ever i uninstall it comes back on the next reboot.Another thing is that my saved games are washed until certain level.My schools are about to start please get me rid of this problem. Hello and Welcome to Extreme Tech Support - Free PC Help Denil. :) Follow Seth's instructions and you will be up and running in no time. Please do post back when you have been through with the instructions. :) -- Goku Quote
Denil Posted June 11, 2008 Author Posted June 11, 2008 Please help me My computer has increased speed but still the softwares come back on reboot.:eek: Quote
Seth Posted June 11, 2008 Posted June 11, 2008 What exactly is coming back? Let's have a look at what's running on your computer via a program called HijackThis. Please download the latest version of HijackThis from Trend Micro and click on Download Hijack This Installer and save it to your desktop. Doubleclick HJTInstall.exe to install HijackThis. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Include this log in your next reply. Notes: Do not use the AnalyseThis button, its findings are dangerous if misinterpreted. Do not have Hijackthis fix anything yet. Most of what it finds will be harmless, or required for your computer to run like it should. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Denil Posted June 12, 2008 Author Posted June 12, 2008 Below is the log file. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:02:47, on 12-06-08 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16643) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~1\scanmsg.exe O4 - HKLM\..\Run: [update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} (ZtServiceManager Class) - http://mvod.web.aol.com/mce/new/ServiceMgr.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing) O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Keyboard & Mouse Driver\KMWDSrv.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NT Online Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\ONLNSVC.EXE O23 - Service: Quick Heal AntiVirus Plus Mail Protection - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROXY.EXE O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\scanwscs.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 5145 bytes Quote
Seth Posted June 12, 2008 Posted June 12, 2008 Hi Denil. While I examine the log, can you please post back with what program keeps coming back? Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Seth Posted June 12, 2008 Posted June 12, 2008 Continued from above: Quick Heal isn't a very good AntiVirus program. Extreme Tech Support - Free PC Help recommends NOD32. The log doesn't show any malware significance, but it does show that none of three scanners I suggested are installed. Why is that? Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Denil Posted June 12, 2008 Author Posted June 12, 2008 Ahhhhhhhhhhhhhhhhhh! Hi. Here any program i.e. my games project igi , M.o.h.a.a. etc my softwares such as quick heal and tweak vista, And my current saved games hitman 4 , call of duty 4 uptil some level. are coming back after rebooting on uninstalling. How does this happen the softwares you asked i completely installed and run but now the have gone.This is ****.Will this be ok after a format. yes one more thing.my windows is not able to format any of my disks. :eek: i am seeing my end. Quote
Seth Posted June 12, 2008 Posted June 12, 2008 Those are some serious problems Denil. Try a System Restore to a date prior to when the problems started: Control Panel > System and Maintenance > System Click "Advanced System Settings" from the left side panel Click the "System Restore" button from the "System Protection" tab. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Goku Posted June 13, 2008 Posted June 13, 2008 Its really a very bad case Seth. The virus or whatever it is won't even let me install Avira. Everything that you install or uninstall comes back after a reboot. I did a full scan with Avira but it detected only one virus and no more. I suspect that it is a Rootkit problem. I am running a rootkit scan now and will post back immediately with the results. Please give me some suggestion as I am really out of ideas. :) -- Goku Quote
Goku Posted June 13, 2008 Posted June 13, 2008 Also, the condition is very bad. I cannot boot from a CD and the BIOS boot settings are unchangeable. So any chance of a reinstall or a reformat is ruled out. He has called for a local tech but I don't see much hope for him considering he is locked on all corners. Please suggest me some ideas so that I can get a brainwave. :) -- Goku Quote
Denil Posted June 13, 2008 Author Posted June 13, 2008 Guys i made you worried its time to tell you the real thing. My brother installed deep freeze.And we now have to just bring it in thawed state to get my system into former state.;) No viruses and malwares were harming my pc. so lets get to work and goku is my best friend. bye! Quote
RandyL Posted June 13, 2008 Posted June 13, 2008 I'm confused by the last post. Can you explain to me please? Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Goku Posted June 13, 2008 Posted June 13, 2008 (edited) I'm confused by the last post. Can you explain to me please? Very uniformed of him indeed Randy. The problem is caused by a program called Deep Freeze. Though a very useful program, he installed it without thinking of the consequences. Therefore any changes he made were reset by Deep Freeze at the next reboot. And he didn't even mention to us that he had it installed! By the way, here are your instructions on how to uninstall Deep Freeze. They are found in the FAQ section of the official home page. Deep Freeze is installed on my machine. I would like to uninstall it. How is this done? And next time, please post the complete information including any recent changes before you ask for help. It might be very important in determining the cause of the problem. Whoosh! He really kept us on our heels. :) -- Goku Edited June 13, 2008 by Goku Quote
RandyL Posted June 13, 2008 Posted June 13, 2008 So the issue is resolved. The problem was a piece of software that was installed. Thanks for explaining it Goku and providing the links in case we come across this again. Quote We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.Get help with computer problems. Join Free PC Help here Donations are welcome. Read Here
Goku Posted June 13, 2008 Posted June 13, 2008 One more thing. If you want to use Deep Freeze but also want to make some slight changes occasionally, then you need to use the Faronics Mapping Tool designed specifically for it. That way you can secure your system and use it without any hassles too. :) -- Goku Quote
Seth Posted June 13, 2008 Posted June 13, 2008 Good knowledge. Yet another reason why, "Did you recently install a program" is essential. Quote Need help with your computer problems? Then why not join Free PC Help. Register here If Free PC Help has helped you then please consider a donation. Click here
Denil Posted June 14, 2008 Author Posted June 14, 2008 hey i am done with it.thanks guys.And you are rocking Goku(the idiot). Quote
Goku Posted August 2, 2008 Posted August 2, 2008 This thread appears to be solved and is now closed If you are the original poster of this thread and need it re-opened, then please PM (Private Message) an Administrator or Moderator -- Goku Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.