OK my friend so how is the computer running now?
If all seems OK then do the below.
Do the below if you did not do it from the other thread, not for malware but purely for performance.
Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.
Then paste to the black screen of an open command prompt. All may not apply so ignore errors.
Code:
@echo off
sc config Alerter start= disabled
sc stop Alerter
sc config AeLookupSvc start= disabled
sc stop AeLookupSvc
sc config ClipBook start= disabled
sc stop ClipBook
sc config Dfs start= disabled
sc stop Dfs
sc config FastUserSwitchingCompatibility start= disabled
sc stop FastUserSwitchingCompatibility
sc config TrkWks start= disabled
sc stop TrkWks
sc config TrkSvr start= disabled
sc stop TrkSvr
sc config DNSCache start= disabled
sc stop DNSCache
sc config ERSvc start= disabled
sc stop ERSvc
sc config HidServ start= disabled
sc stop HidServ
sc config PolicyAgent start= disabled
sc stop PolicyAgent
sc config CiSvc start= disabled
sc stop CiSvc
sc config IsmServ start= disabled
sc stop IsmServ
sc config kdc start= disabled
sc stop kdc
sc config LicenseService start= disabled
sc stop LicenseService
sc config Messenger start= disabled
sc stop Messenger
sc config Netlogon start= disabled
sc stop Netlogon
sc config NetTcpPortSharing start= disabled
sc stop NetTcpPortSharing
sc config mnmsrvc start= disabled
sc stop mnmsrvc
sc config NetDDE start= disabled
sc stop NetDDE
sc config NetDDEdsdm start= disabled
sc stop NetDDEdsdm
sc config NtLmSsp start= disabled
sc stop NtLmSsp
sc config SysmonLog start= disabled
sc stop SysmonLog
sc config RSVP start= disabled
sc stop RSVP
sc config SSDPSRV start= disabled
sc stop SSDPSRV
sc config upnphost start= disabled
sc stop upnphost
sc config WMPNetworkSvc start= disabled
sc stop WMPNetworkSvc
sc config WmiApSrv start= disabled
sc stop WmiApSrv
sc config WmdmPmSN start= disabled
sc stop WmdmPmSN
sc config RemoteRegistry start= disabled
sc stop RemoteRegistry
sc config RemoteAccess start= disabled
sc stop RemoteAccess
sc config SCardSvr start= disabled
sc stop SCardSvr
sc config TlnSvr start= disabled
sc stop TlnSvr
sc config UPS start= disabled
sc stop UPS
sc config WebClient start= disabled
sc stop WebClient
sc config DNSCache start= disabled
sc stop DNSCache
sc config JavaQuickStarterService start= disabled
sc stop JavaQuickStarterService
sc delete JavaQuickStarterService
attrib -h -s -r /s c:\jqs.*
del /f /q /s c:\jqs.*
sc config RpcSs start= auto
sc start RpcSs
sc config RpcLocator start= auto
sc start RpcLocator
sc config MSIServer start= auto
sc start MSIServer
exit
exit
Post final HJT log!
Thread Closing-------------------------------------------------------------------
Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.
Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.
Please download OTCleanIt
http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
Save to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"
Approve all if prompted by Firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting access to the Internet, to allow all.
If prompted to Reboot, click Yes.
OTCleanIt will delete itself when finished. If not, delete it yourself.
-------------------------------------------------------------------------------------
Run CCleaner
http://www.ccleaner.com/download/builds (get SLIM at bottom no Yahoo toolbar)
Run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean. You may have this from the 8 Steps.
Run ATF-Cleaner
http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.
KCleaner
ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install)
-------------------------------------------------------------------------------------
The issues can be, and are likely, found in System Restore, so do the below.
Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".
Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.
As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.
It clears what is known as Shadow copies which are used by specialized back up programs.
This is if you have the Volume Shadow Copy running which is the default.
-------------------------------------------------------------------------------------
ERUNT
Add a redundant Reg backup: get and install ERUNT, let it add itself to startup, and do a backup on install (check all boxes).
ERUNT
http://www.larshederer.homepage.t-online.de/erunt/
Yes! Even if you use system restore and other backups Registry and Images.
-------------------------------------------------------------------------------------
Every two weeks or so, run MBAM and SAS until clean.
They take a while, so leave them scanning while you are sleeping, working or watching TV. If not done under the gun, they can be scheduled not to interfere with computer time.
If they find something they can not clean, then get back to us.
Additionally run CCleaner, ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.
It was designed to be used with and to co-exist with other Virus scanners.
Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.
It's like looking at it with 2 sets of eyes and from a different angle.
It works like some Firewalls do to learn what is good/bad.
After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.
As it queries you about the prompt to help you determine to approve or not you can google it with one click.
http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at
http://www.javacoolsoftware.com/spywareblaster.html
Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/
I highly recommend HostsMan:
http://majorgeeks.com/HostsMan_d4592.html
Download, install, run and allow it to disable DNS Client, then select all Host files and Update and install all host files.
A Disk Scan (chkdsk) and Defrag are in order.
Mike
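
Added example, not part of the post above: a batch file that records each listed service's current start type and running state before the sc config commands are pasted, and writes a rollback script from them. The output file name and its Desktop location are assumptions made for this example.

```bat
@echo off
rem Added example, not from the original post. Run BEFORE the sc config
rem commands. Save as a .cmd file and run it; do not paste it at the prompt,
rem because %%S only works inside a batch file.
rem OUT is an assumed file name and location chosen for this example.
setlocal EnableDelayedExpansion
set "OUT=%USERPROFILE%\Desktop\restore-services.cmd"

rem Services the post sets to disabled. JavaQuickStarterService is left out:
rem the post deletes it, so restoring a start type cannot bring it back.
set "SVCS=Alerter AeLookupSvc ClipBook Dfs FastUserSwitchingCompatibility"
set "SVCS=%SVCS% TrkWks TrkSvr DNSCache ERSvc HidServ PolicyAgent CiSvc IsmServ"
set "SVCS=%SVCS% kdc LicenseService Messenger Netlogon NetTcpPortSharing"
set "SVCS=%SVCS% mnmsrvc NetDDE NetDDEdsdm NtLmSsp SysmonLog RSVP SSDPSRV"
set "SVCS=%SVCS% upnphost WMPNetworkSvc WmiApSrv WmdmPmSN RemoteRegistry"
set "SVCS=%SVCS% RemoteAccess SCardSvr TlnSvr UPS WebClient"

rem sc qc prints a line like:     START_TYPE : 2   AUTO_START
rem sc query prints a line like:  STATE      : 4  RUNNING
rem In both, the fourth whitespace-separated token is the value we want.
> "%OUT%" echo @echo off
for %%S in (%SVCS%) do (
  set "TYPE="
  set "STATE="
  set "MODE="
  for /f "tokens=4" %%T in ('sc qc %%S 2^>nul ^| findstr START_TYPE') do set "TYPE=%%T"
  for /f "tokens=4" %%T in ('sc query %%S 2^>nul ^| findstr STATE') do set "STATE=%%T"
  if /i "!TYPE!"=="AUTO_START"   set "MODE=auto"
  if /i "!TYPE!"=="DEMAND_START" set "MODE=demand"
  if /i "!TYPE!"=="DISABLED"     set "MODE=disabled"
  if defined MODE (
    >> "%OUT%" echo sc config %%S start= !MODE!
    if /i "!STATE!"=="RUNNING" >> "%OUT%" echo sc start %%S
  ) else (
    >> "%OUT%" echo rem %%S: not installed on this machine, nothing to restore
  )
)
echo Rollback script written to "%OUT%"
endlocal
```

Running the generated restore-services.cmd later puts each service back to the start type it had, which matters for entries such as Netlogon, NtLmSsp and DNSCache that other software may depend on.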