• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

Desktop icons gone

S

Sirius

Flightless Bird
Not mine, hers. I'm not sure why. She has Free AVG... i guess it's not the
best. And with AVG she had not good firewall..

"PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
news:eNVfoYV$KHA.1448@TK2MSFTNGP06.phx.gbl...
> Why dint ur av app catch it?
>
> Sirius wrote:
>> It found o.dat that was missed by mbam and dr. web.
>>
>> "PA Bear [MS MVP]" <PABearMVP@gmail.com> wrote in message
>> news:e0kVhDQ$KHA.980@TK2MSFTNGP04.phx.gbl...
>>> QED: Why did it find anything?
>>>
>>> Sirius wrote:
>>>> Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
>>>> quarantined everything it found.
>>>>
>>>> I was able to run a safe mode scan with mbam older version.
>>>> I can not get the new verison of mbam to work.
>>>> Keep getting the "mbam error expanding variables 0 9".
>>>> Every scan takes a very long time because there is a lot.
>>>>
>>>> Now I am doing Avast boot time scanner. I'll post back with what you
>>>> suggested when finished.
>>>>
>>>> Thanks again.
>>>>
>>>> "Jose" <jose_ease@yahoo.com> wrote in message
>>>> news:e9433a4b-574a-4d1e-8d9f-acd9b94118e2@o12g2000vba.googlegroups.com...
>>>> On May 26, 12:12 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
>>>>> It's happening in safe mode also.
>>>>> Is there a way to manually extract a copy of the registry from a
>>>>> restore
>>>>> point?
>>>>>
>>>>> "Db" <databas...@hotmail.com> wrote in message
>>>>>
>>>>> news:C1615B6A-FD0F-408B-ACAE-77D6C8439838@microsoft.com...
>>>>>
>>>>>
>>>>>
>>>>>> sometimes when the desktop
>>>>>> fails to load,
>>>>>
>>>>>> it is a sign of a problem with
>>>>>> the registry hive.
>>>>>
>>>>>> you might try opening the
>>>>>> task manager and killing all
>>>>>> instances of explorer.exe
>>>>>
>>>>>> then launch a new instance
>>>>>> of explorer.exe
>>>>>
>>>>>> however, given that you are
>>>>>> also unable to amend the
>>>>>> startups in msconfig,
>>>>>
>>>>>> the issues above may be
>>>>>> indicative of a serious problem
>>>>>> with the registry hive
>>>>>
>>>>>> the registry hive, like any file
>>>>>> on the disk can become un-
>>>>>> indexed by the mft.
>>>>>
>>>>>> there is also a possibility that
>>>>>> a program has locked up the
>>>>>> registry to keep it from being
>>>>>> modified.
>>>>>
>>>>>> the above can be caused by
>>>>>> malware or some anti viral
>>>>>> program that was intentionally
>>>>>> installed.
>>>>>
>>>>>> because there are several
>>>>>> methods to address the issue
>>>>>> or issues above,
>>>>>
>>>>>> my first suggestion is to
>>>>>> simply boot into safe
>>>>>> mode.
>>>>>
>>>>>> in there you can see if
>>>>>> performance is better than
>>>>>> in normal mode.
>>>>>
>>>>>> in there you can use system
>>>>>> restore and see if there is a
>>>>>> functional point to execute.
>>>>>
>>>>>> in there you can amend the
>>>>>> startups and services via
>>>>>> msconfig;
>>>>>
>>>>>> disabling all startups and
>>>>>> non microsoft services.
>>>>>
>>>>>> --
>>>>>> --
>>>>>> db·´¯`·...¸><)))º>
>>>>>
>>>>>> DatabaseBen, Retired Professional
>>>>>
>>>>>> ~~~~~~~~~~~~~~~
>>>>>> This NNTP newsgroup is evolving to:
>>>>>
>>>>>> http://answers.microsoft.com/en-us/default.aspx
>>>>>
>>>>>> "Sirius" <nospam22-nos...@yahoo.nul> wrote in message
>>>>>> news:e3sPxWN$KHA.5916@TK2MSFTNGP04.phx.gbl...
>>>>>>> Hello People
>>>>>
>>>>>>> This is my friends computer - again. It seems she really got it
>>>>>>> messed
>>>>>>> up.
>>>>>
>>>>>>> Also some programs missing from the start menu also, like system
>>>>>>> restore.
>>>>>>> I was able to access system restore from the help and support, went
>>>>>>> back
>>>>>>> about a month, but the icons did not come back.
>>>>>>> Some minor spyware and adware infections were found.
>>>>>
>>>>>>> Also, in msconfig I can't turn off some startup items. After I
>>>>>>> uncheck
>>>>>>> them they keep coming back. They are:
>>>>>
>>>>>>> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>>>>>
>>>>>>> Is there any way to get back her icons - I'm not even sure what she
>>>>>>> had
>>>>>>> exactly -? Or are they gone forever?
>>>>>
>>>>>>> Thank you.
>>>>
>>>> If I were you, I would stop "trying" things. You can try things all
>>>> day long nd it doesn't seem to be working very well.
>>>>
>>>> Did booting in Safe Mode help you at all? Describe what you learned
>>>> from that exercise and what you will do next.
>>>>
>>>> You need to have some known starting point so get there and then work
>>>> on the issues. Nothing you describe sounds too terrible, but some of
>>>> the ideas to get your system working are way overboard - but, you can
>>>> do what you want of course.
>>>>
>>>> You should stop messing with msconfig, turning things off and on,
>>>> don't worry about extracting just registry files from a restore point,
>>>> etc. If SR is missing or borken, no problem - we can fix it later
>>>> but first you need to get stabilized.
>>>>
>>>> If your system boots and can get on the Internet, you con't need to
>>>> slave it in another machine - fix it where it is.
>>>>
>>>> To eliminate questions and guessing, please provide additional
>>>> information about your system.
>>>>
>>>> Click Start, Run and in the box enter:
>>>>
>>>> msinfo32
>>>>
>>>> Click OK, and when the System Summary info appears, click Edit, Select
>>>> All, Copy and then paste the information back here.
>>>>
>>>> There will be some personal information (like System Name and User
>>>> Name), and whatever appears to be private information to you, just
>>>> delete it from the pasted information.
>>>>
>>>> Perform some scans for malicious software, then fix any remaining
>>>> issues:
>>>>
>>>> Download, install, update and do a full scan with these free malware
>>>> detection programs:
>>>>
>>>> Malwarebytes (MBAM): http://malwarebytes.org/
>>>> SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
>>>>
>>>> They can be uninstalled later if desired.
>
 
S

Sirius

Flightless Bird
Thank you, Jose.

I sincerely hope there is nothing seriously wrong with this system.

My friend had only AVG on it for protection. It did not protect her well,
obviously.

Dr Web is a portable scanner which I ran from a flash drive.

I did a scan with mbam older version but the definitions were not up to
date. The update was trying to install the new version.
The definition was from 6-09.

I was doing a clean start with the help of msconfig is what I meant,
hoping that would make mbam work.
Then I discovered that some checkmarks kept coming back in the startup tab,
namely:

ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).

Which I found very strange, never seen it before on other pc startup.

I've decided to run a health test on the hardware next. If the hard drive is
dying, that could cause data corruptions.


"Jose" <jose_ease@yahoo.com> wrote in message
news:b163d9f1-e69b-4ef6-adb5-52bd23ef641f@o4g2000vbo.googlegroups.com...
On May 26, 1:02 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
> Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
> quarantined everything it found.
>
> I was able to run a safe mode scan with mbam older version.
> I can not get the new verison of mbam to work.
> Keep getting the "mbam error expanding variables 0 9".
> Every scan takes a very long time because there is a lot.
>
> Now I am doing Avast boot time scanner. I'll post back with what you
> suggested when finished.
>
> Thanks again.
>
> "Jose" <jose_e...@yahoo.com> wrote in message
>
> news:e9433a4b-574a-4d1e-8d9f-acd9b94118e2@o12g2000vba.googlegroups.com...
> On May 26, 12:12 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
>
>
>
>
>
> > It's happening in safe mode also.
> > Is there a way to manually extract a copy of the registry from a restore
> > point?
>
> > "Db" <databas...@hotmail.com> wrote in message
>
> >news:C1615B6A-FD0F-408B-ACAE-77D6C8439838@microsoft.com...
>
> > > sometimes when the desktop
> > > fails to load,
>
> > > it is a sign of a problem with
> > > the registry hive.
>
> > > you might try opening the
> > > task manager and killing all
> > > instances of explorer.exe
>
> > > then launch a new instance
> > > of explorer.exe
>
> > > however, given that you are
> > > also unable to amend the
> > > startups in msconfig,
>
> > > the issues above may be
> > > indicative of a serious problem
> > > with the registry hive
>
> > > the registry hive, like any file
> > > on the disk can become un-
> > > indexed by the mft.
>
> > > there is also a possibility that
> > > a program has locked up the
> > > registry to keep it from being
> > > modified.
>
> > > the above can be caused by
> > > malware or some anti viral
> > > program that was intentionally
> > > installed.
>
> > > because there are several
> > > methods to address the issue
> > > or issues above,
>
> > > my first suggestion is to
> > > simply boot into safe
> > > mode.
>
> > > in there you can see if
> > > performance is better than
> > > in normal mode.
>
> > > in there you can use system
> > > restore and see if there is a
> > > functional point to execute.
>
> > > in there you can amend the
> > > startups and services via
> > > msconfig;
>
> > > disabling all startups and
> > > non microsoft services.
>
> > > --
> > > --
> > > db·´¯`·...¸><)))º>
>
> > > DatabaseBen, Retired Professional
>
> > > ~~~~~~~~~~~~~~~
> > > This NNTP newsgroup is evolving to:
>
> > >http://answers.microsoft.com/en-us/default.aspx
>
> > > "Sirius" <nospam22-nos...@yahoo.nul> wrote in message
> > >news:e3sPxWN$KHA.5916@TK2MSFTNGP04.phx.gbl...
> > >> Hello People
>
> > >> This is my friends computer - again. It seems she really got it
> > >> messed
> > >> up.
>
> > >> Also some programs missing from the start menu also, like system
> > >> restore.
> > >> I was able to access system restore from the help and support, went
> > >> back
> > >> about a month, but the icons did not come back.
> > >> Some minor spyware and adware infections were found.
>
> > >> Also, in msconfig I can't turn off some startup items. After I
> > >> uncheck
> > >> them they keep coming back. They are:
>
> > >> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> > >> Is there any way to get back her icons - I'm not even sure what she
> > >> had
> > >> exactly -? Or are they gone forever?
>
> > >> Thank you.
>
> If I were you, I would stop "trying" things. You can try things all
> day long nd it doesn't seem to be working very well.
>
> Did booting in Safe Mode help you at all? Describe what you learned
> from that exercise and what you will do next.
>
> You need to have some known starting point so get there and then work
> on the issues. Nothing you describe sounds too terrible, but some of
> the ideas to get your system working are way overboard - but, you can
> do what you want of course.
>
> You should stop messing with msconfig, turning things off and on,
> don't worry about extracting just registry files from a restore point,
> etc. If SR is missing or borken, no problem - we can fix it later
> but first you need to get stabilized.
>
> If your system boots and can get on the Internet, you con't need to
> slave it in another machine - fix it where it is.
>
> To eliminate questions and guessing, please provide additional
> information about your system.
>
> Click Start, Run and in the box enter:
>
> msinfo32
>
> Click OK, and when the System Summary info appears, click Edit, Select
> All, Copy and then paste the information back here.
>
> There will be some personal information (like System Name and User
> Name), and whatever appears to be private information to you, just
> delete it from the pasted information.
>
> Perform some scans for malicious software, then fix any remaining
> issues:
>
> Download, install, update and do a full scan with these free malware
> detection programs:
>
> Malwarebytes (MBAM): http://malwarebytes.org/
> SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
>
> They can be uninstalled later if desired.

MBAM does not recommend running in Safe Mode.

There was some issue on certain systems (especially with other
scanning tools installed) reporting the error like you describe with
MBAM 1.46.

It does not indicate a seriously compromised system. It indicates a
system that had had a bunch of other stuff run on it that can't tell a
legitimate file from a bad file (Avast!, Dr, Web Cureit!) and then the
system had been tampered with by the user (self inflicted wounds).

If you have MBAM 1.46:

Uninstall MBAM from Add/Remove Programs

Reboot

Download and run mbam-clean.exe from here:

http://www.malwarebytes.org/mbam-clean.exe

Reboot again.

Go back to malwarebytes.org and download version 1.45.

Install and do a full scan with MBAM 1.45

Sadly, I don't know what you mean about "doing things" to files in
your msconfig....

Your msinfo32 information looks fine to me.
 
S

Sirius

Flightless Bird
Tried it, did not help. Thank you.


"George" <null@null.net> wrote in message
news:-O9P76rZ$KHA.4308@TK2MSFTNGP04.phx.gbl...
> Have you tried UNCHECKING it, rebooting, then CHECKING it and rebooting
> again? May not do anything but you won't lose anything by trying.
>
>
> "Sirius" <nospam22-nospam@yahoo.nul> wrote in message
> news:uQgw3ET$KHA.1068@TK2MSFTNGP05.phx.gbl...
>> Unfortunately, no. Not so simple. The checkmark is there but does not
>> mean a thing....
>>
>>
>> "George" <null@null.net> wrote in message
>> news:uWxm3kP$KHA.5044@TK2MSFTNGP04.phx.gbl...
>>> About the desktop, could it possibly be something simple like:
>>>
>>> Right click on desktop > Arrange Icons By > checkmark on Show Desktop
>>> Icons ?
>>>
>>> George
>>>
>>>
>>> "Sirius" <nospam22-nospam@yahoo.nul> wrote in message
>>> news:e3sPxWN$KHA.5916@TK2MSFTNGP04.phx.gbl...
>>>> Hello People
>>>>
>>>> This is my friends computer - again. It seems she really got it messed
>>>> up.
>>>>
>>>> Also some programs missing from the start menu also, like system
>>>> restore. I was able to access system restore from the help and support,
>>>> went back about a month, but the icons did not come back.
>>>> Some minor spyware and adware infections were found.
>>>>
>>>> Also, in msconfig I can't turn off some startup items. After I uncheck
>>>> them they keep coming back. They are:
>>>>
>>>> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>>>>
>>>> Is there any way to get back her icons - I'm not even sure what she had
>>>> exactly -? Or are they gone forever?
>>>>
>>>> Thank you.
>>>>
>>>
>>>
>>
>>
>
>
 
S

Sirius

Flightless Bird
The hard drive is fine, passed all tests.


"Jose" <jose_ease@yahoo.com> wrote in message
news:b163d9f1-e69b-4ef6-adb5-52bd23ef641f@o4g2000vbo.googlegroups.com...
On May 26, 1:02 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
> Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
> quarantined everything it found.
>
> I was able to run a safe mode scan with mbam older version.
> I can not get the new verison of mbam to work.
> Keep getting the "mbam error expanding variables 0 9".
> Every scan takes a very long time because there is a lot.
>
> Now I am doing Avast boot time scanner. I'll post back with what you
> suggested when finished.
>
> Thanks again.
>
> "Jose" <jose_e...@yahoo.com> wrote in message
>
> news:e9433a4b-574a-4d1e-8d9f-acd9b94118e2@o12g2000vba.googlegroups.com...
> On May 26, 12:12 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
>
>
>
>
>
> > It's happening in safe mode also.
> > Is there a way to manually extract a copy of the registry from a restore
> > point?
>
> > "Db" <databas...@hotmail.com> wrote in message
>
> >news:C1615B6A-FD0F-408B-ACAE-77D6C8439838@microsoft.com...
>
> > > sometimes when the desktop
> > > fails to load,
>
> > > it is a sign of a problem with
> > > the registry hive.
>
> > > you might try opening the
> > > task manager and killing all
> > > instances of explorer.exe
>
> > > then launch a new instance
> > > of explorer.exe
>
> > > however, given that you are
> > > also unable to amend the
> > > startups in msconfig,
>
> > > the issues above may be
> > > indicative of a serious problem
> > > with the registry hive
>
> > > the registry hive, like any file
> > > on the disk can become un-
> > > indexed by the mft.
>
> > > there is also a possibility that
> > > a program has locked up the
> > > registry to keep it from being
> > > modified.
>
> > > the above can be caused by
> > > malware or some anti viral
> > > program that was intentionally
> > > installed.
>
> > > because there are several
> > > methods to address the issue
> > > or issues above,
>
> > > my first suggestion is to
> > > simply boot into safe
> > > mode.
>
> > > in there you can see if
> > > performance is better than
> > > in normal mode.
>
> > > in there you can use system
> > > restore and see if there is a
> > > functional point to execute.
>
> > > in there you can amend the
> > > startups and services via
> > > msconfig;
>
> > > disabling all startups and
> > > non microsoft services.
>
> > > --
> > > --
> > > db·´¯`·...¸><)))º>
>
> > > DatabaseBen, Retired Professional
>
> > > ~~~~~~~~~~~~~~~
> > > This NNTP newsgroup is evolving to:
>
> > >http://answers.microsoft.com/en-us/default.aspx
>
> > > "Sirius" <nospam22-nos...@yahoo.nul> wrote in message
> > >news:e3sPxWN$KHA.5916@TK2MSFTNGP04.phx.gbl...
> > >> Hello People
>
> > >> This is my friends computer - again. It seems she really got it
> > >> messed
> > >> up.
>
> > >> Also some programs missing from the start menu also, like system
> > >> restore.
> > >> I was able to access system restore from the help and support, went
> > >> back
> > >> about a month, but the icons did not come back.
> > >> Some minor spyware and adware infections were found.
>
> > >> Also, in msconfig I can't turn off some startup items. After I
> > >> uncheck
> > >> them they keep coming back. They are:
>
> > >> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> > >> Is there any way to get back her icons - I'm not even sure what she
> > >> had
> > >> exactly -? Or are they gone forever?
>
> > >> Thank you.
>
> If I were you, I would stop "trying" things. You can try things all
> day long nd it doesn't seem to be working very well.
>
> Did booting in Safe Mode help you at all? Describe what you learned
> from that exercise and what you will do next.
>
> You need to have some known starting point so get there and then work
> on the issues. Nothing you describe sounds too terrible, but some of
> the ideas to get your system working are way overboard - but, you can
> do what you want of course.
>
> You should stop messing with msconfig, turning things off and on,
> don't worry about extracting just registry files from a restore point,
> etc. If SR is missing or borken, no problem - we can fix it later
> but first you need to get stabilized.
>
> If your system boots and can get on the Internet, you con't need to
> slave it in another machine - fix it where it is.
>
> To eliminate questions and guessing, please provide additional
> information about your system.
>
> Click Start, Run and in the box enter:
>
> msinfo32
>
> Click OK, and when the System Summary info appears, click Edit, Select
> All, Copy and then paste the information back here.
>
> There will be some personal information (like System Name and User
> Name), and whatever appears to be private information to you, just
> delete it from the pasted information.
>
> Perform some scans for malicious software, then fix any remaining
> issues:
>
> Download, install, update and do a full scan with these free malware
> detection programs:
>
> Malwarebytes (MBAM): http://malwarebytes.org/
> SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
>
> They can be uninstalled later if desired.

MBAM does not recommend running in Safe Mode.

There was some issue on certain systems (especially with other
scanning tools installed) reporting the error like you describe with
MBAM 1.46.

It does not indicate a seriously compromised system. It indicates a
system that had had a bunch of other stuff run on it that can't tell a
legitimate file from a bad file (Avast!, Dr, Web Cureit!) and then the
system had been tampered with by the user (self inflicted wounds).

If you have MBAM 1.46:

Uninstall MBAM from Add/Remove Programs

Reboot

Download and run mbam-clean.exe from here:

http://www.malwarebytes.org/mbam-clean.exe

Reboot again.

Go back to malwarebytes.org and download version 1.45.

Install and do a full scan with MBAM 1.45

Sadly, I don't know what you mean about "doing things" to files in
your msconfig....

Your msinfo32 information looks fine to me.
 
J

Jose

Flightless Bird
On May 27, 10:34 am, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
> Thank you, Jose.
>
> I sincerely hope there is nothing seriously wrong with this system.
>
> My friend had only AVG on it for protection. It did not protect her well,
> obviously.
>
> Dr Web is a portable scanner which I ran from a flash drive.
>
> I did a scan with mbam older version but the definitions were not up to
> date. The update was trying to install the new version.
> The definition was from 6-09.
>
> I was doing  a clean start with the help of msconfig is what I meant,
> hoping that would make mbam work.
> Then I discovered that some checkmarks kept coming back in the startup tab,
> namely:
>
> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> Which I found very strange, never seen it before on other pc startup.
>
> I've decided to run a health test on the hardware next. If the hard driveis
> dying, that could cause data corruptions.
>
> "Jose" <jose_e...@yahoo.com> wrote in message
>
> news:b163d9f1-e69b-4ef6-adb5-52bd23ef641f@o4g2000vbo.googlegroups.com...
> On May 26, 1:02 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
>
>
>
>
>
> > Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
> > quarantined everything it found.
>
> > I was able to run a safe mode scan with mbam older version.
> > I can not get the new verison of mbam to work.
> > Keep getting the "mbam error expanding variables 0 9".
> > Every scan takes a very long time because there is a lot.
>
> > Now I am doing Avast boot time scanner. I'll post back with what you
> > suggested when finished.
>
> > Thanks again.
>
> > "Jose" <jose_e...@yahoo.com> wrote in message
>
> >news:e9433a4b-574a-4d1e-8d9f-acd9b94118e2@o12g2000vba.googlegroups.com....
> > On May 26, 12:12 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
>
> > > It's happening in safe mode also.
> > > Is there a way to manually extract a copy of the registry from a restore
> > > point?
>
> > > "Db" <databas...@hotmail.com> wrote in message
>
> > >news:C1615B6A-FD0F-408B-ACAE-77D6C8439838@microsoft.com...
>
> > > > sometimes when the desktop
> > > > fails to load,
>
> > > > it is a sign of a problem with
> > > > the registry hive.
>
> > > > you might try opening the
> > > > task manager and killing all
> > > > instances of explorer.exe
>
> > > > then launch a new instance
> > > > of explorer.exe
>
> > > > however, given that you are
> > > > also unable to amend the
> > > > startups in msconfig,
>
> > > > the issues above may be
> > > > indicative of a serious problem
> > > > with the registry hive
>
> > > > the registry hive, like any file
> > > > on the disk can become un-
> > > > indexed by the mft.
>
> > > > there is also a possibility that
> > > > a program has locked up the
> > > > registry to keep it from being
> > > > modified.
>
> > > > the above can be caused by
> > > > malware or some anti viral
> > > > program that was intentionally
> > > > installed.
>
> > > > because there are several
> > > > methods to address the issue
> > > > or issues above,
>
> > > > my first suggestion is to
> > > > simply boot into safe
> > > > mode.
>
> > > > in there you can see if
> > > > performance is better than
> > > > in normal mode.
>
> > > > in there you can use system
> > > > restore and see if there is a
> > > > functional point to execute.
>
> > > > in there you can amend the
> > > > startups and services via
> > > > msconfig;
>
> > > > disabling all startups and
> > > > non microsoft services.
>
> > > > --
> > > > --
> > > > db·´¯`·...¸><)))º>
>
> > > > DatabaseBen, Retired Professional
>
> > > > ~~~~~~~~~~~~~~~
> > > > This NNTP newsgroup is evolving to:
>
> > > >http://answers.microsoft.com/en-us/default.aspx
>
> > > > "Sirius" <nospam22-nos...@yahoo.nul> wrote in message
> > > >news:e3sPxWN$KHA.5916@TK2MSFTNGP04.phx.gbl...
> > > >> Hello People
>
> > > >> This is my friends computer - again. It seems she really got it
> > > >> messed
> > > >> up.
>
> > > >> Also some programs missing from the start menu also, like system
> > > >> restore.
> > > >> I was able to access system restore from the help and support, went
> > > >> back
> > > >> about a month, but the icons did not come back.
> > > >> Some minor spyware and adware infections were found.
>
> > > >> Also, in msconfig I can't turn off some startup items. After I
> > > >> uncheck
> > > >> them they keep coming back. They are:
>
> > > >> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> > > >> Is there any way to get back her icons - I'm not even sure what she
> > > >> had
> > > >> exactly -? Or are they gone forever?
>
> > > >> Thank you.
>
> > If I were you, I would stop "trying" things. You can try things all
> > day long nd it doesn't seem to be working very well.
>
> > Did booting in Safe Mode help you at all? Describe what you learned
> > from that exercise and what you will do next.
>
> > You need to have some known starting point so get there and then work
> > on the issues. Nothing you describe sounds too terrible, but some of
> > the ideas to get your system working are way overboard - but, you can
> > do what you want of course.
>
> > You should stop messing with msconfig, turning things off and on,
> > don't worry about extracting just registry files from a restore point,
> > etc. If SR is missing or borken, no problem - we can fix it later
> > but first you need to get stabilized.
>
> > If your system boots and can get on the Internet, you con't need to
> > slave it in another machine - fix it where it is.
>
> > To eliminate questions and guessing, please provide additional
> > information about your system.
>
> > Click Start, Run and in the box enter:
>
> > msinfo32
>
> > Click OK, and when the System Summary info appears, click Edit, Select
> > All, Copy and then paste the information back here.
>
> > There will be some personal information (like System Name and User
> > Name), and whatever appears to be private information to you, just
> > delete it from the pasted information.
>
> > Perform some scans for malicious software, then fix any remaining
> > issues:
>
> > Download, install, update and do a full scan with these free malware
> > detection programs:
>
> > Malwarebytes (MBAM):http://malwarebytes.org/
> > SUPERAntiSpyware: (SAS):http://www.superantispyware.com/
>
> > They can be uninstalled later if desired.
>
> MBAM does not recommend running in Safe Mode.
>
> There was some issue on certain systems (especially with other
> scanning tools installed) reporting the error like you describe with
> MBAM 1.46.
>
> It does not indicate a seriously compromised system.  It indicates a
> system that had had a bunch of other stuff run on it that can't tell a
> legitimate file from a bad file (Avast!, Dr, Web Cureit!) and then the
> system had been tampered with by the user (self inflicted wounds).
>
> If you have MBAM 1.46:
>
> Uninstall MBAM from Add/Remove Programs
>
> Reboot
>
> Download and run mbam-clean.exe from here:
>
> http://www.malwarebytes.org/mbam-clean.exe
>
> Reboot again.
>
> Go back to malwarebytes.org and download version 1.45.
>
> Install and do a full scan with MBAM 1.45
>
> Sadly, I don't know what you mean about "doing things" to files in
> your msconfig....
>
> Your msinfo32 information looks fine to me.

You should not have not have entries like that in the msconfig Startup
tab, so I don't get it at all, so let's see your startup information:

Download and install CCleaner from here and the Startup information to
a text file. Launch CCLeaner, click Tools, Startup, Save to text file
and save the startup information to your desktop (or someplace you can
find it) open the file with a text editor, select all and paste the
contents back here:

http://www.piriform.com/ccleaner

Uninstall CCleaner later fif you don't like it (most people seem to
like it for it's other features).

Uninstall any old versions of MBAM, reboot, install the latest
versions of MBAM (no problem for me with 1.46), update and do a fill
scan.

If MBAM does not work, define what does not work means. It won't
install, it won't launch, etc. We have our ways to make it talk....
 
S

Sirius

Flightless Bird
I don't see a "save to text file" in ccleaner for the startup, only for the
installed programs.

I do like ccleaner myself. I agree, those entries should not be there.

I have error messages when I try to start mbam "mbam error expanding
variables 0 9".

Hard drive passed the hardware test. Are you around this holliday weekend?

Thank you.

"Jose" <jose_ease@yahoo.com> wrote in message
news:514c0132-499a-4358-8d2f-b51e63e10156@d12g2000vbr.googlegroups.com...
On May 27, 10:34 am, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
> Thank you, Jose.
>
> I sincerely hope there is nothing seriously wrong with this system.
>
> My friend had only AVG on it for protection. It did not protect her well,
> obviously.
>
> Dr Web is a portable scanner which I ran from a flash drive.
>
> I did a scan with mbam older version but the definitions were not up to
> date. The update was trying to install the new version.
> The definition was from 6-09.
>
> I was doing a clean start with the help of msconfig is what I meant,
> hoping that would make mbam work.
> Then I discovered that some checkmarks kept coming back in the startup
> tab,
> namely:
>
> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> Which I found very strange, never seen it before on other pc startup.
>
> I've decided to run a health test on the hardware next. If the hard drive
> is
> dying, that could cause data corruptions.
>
> "Jose" <jose_e...@yahoo.com> wrote in message
>
> news:b163d9f1-e69b-4ef6-adb5-52bd23ef641f@o4g2000vbo.googlegroups.com...
> On May 26, 1:02 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
>
>
>
>
>
> > Thank you, Jose. I did a scan in safe mode with DR Web Cure it an
> > quarantined everything it found.
>
> > I was able to run a safe mode scan with mbam older version.
> > I can not get the new verison of mbam to work.
> > Keep getting the "mbam error expanding variables 0 9".
> > Every scan takes a very long time because there is a lot.
>
> > Now I am doing Avast boot time scanner. I'll post back with what you
> > suggested when finished.
>
> > Thanks again.
>
> > "Jose" <jose_e...@yahoo.com> wrote in message
>
> >news:e9433a4b-574a-4d1e-8d9f-acd9b94118e2@o12g2000vba.googlegroups.com...
> > On May 26, 12:12 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
>
> > > It's happening in safe mode also.
> > > Is there a way to manually extract a copy of the registry from a
> > > restore
> > > point?
>
> > > "Db" <databas...@hotmail.com> wrote in message
>
> > >news:C1615B6A-FD0F-408B-ACAE-77D6C8439838@microsoft.com...
>
> > > > sometimes when the desktop
> > > > fails to load,
>
> > > > it is a sign of a problem with
> > > > the registry hive.
>
> > > > you might try opening the
> > > > task manager and killing all
> > > > instances of explorer.exe
>
> > > > then launch a new instance
> > > > of explorer.exe
>
> > > > however, given that you are
> > > > also unable to amend the
> > > > startups in msconfig,
>
> > > > the issues above may be
> > > > indicative of a serious problem
> > > > with the registry hive
>
> > > > the registry hive, like any file
> > > > on the disk can become un-
> > > > indexed by the mft.
>
> > > > there is also a possibility that
> > > > a program has locked up the
> > > > registry to keep it from being
> > > > modified.
>
> > > > the above can be caused by
> > > > malware or some anti viral
> > > > program that was intentionally
> > > > installed.
>
> > > > because there are several
> > > > methods to address the issue
> > > > or issues above,
>
> > > > my first suggestion is to
> > > > simply boot into safe
> > > > mode.
>
> > > > in there you can see if
> > > > performance is better than
> > > > in normal mode.
>
> > > > in there you can use system
> > > > restore and see if there is a
> > > > functional point to execute.
>
> > > > in there you can amend the
> > > > startups and services via
> > > > msconfig;
>
> > > > disabling all startups and
> > > > non microsoft services.
>
> > > > --
> > > > --
> > > > db·´¯`·...¸><)))º>
>
> > > > DatabaseBen, Retired Professional
>
> > > > ~~~~~~~~~~~~~~~
> > > > This NNTP newsgroup is evolving to:
>
> > > >http://answers.microsoft.com/en-us/default.aspx
>
> > > > "Sirius" <nospam22-nos...@yahoo.nul> wrote in message
> > > >news:e3sPxWN$KHA.5916@TK2MSFTNGP04.phx.gbl...
> > > >> Hello People
>
> > > >> This is my friends computer - again. It seems she really got it
> > > >> messed
> > > >> up.
>
> > > >> Also some programs missing from the start menu also, like system
> > > >> restore.
> > > >> I was able to access system restore from the help and support, went
> > > >> back
> > > >> about a month, but the icons did not come back.
> > > >> Some minor spyware and adware infections were found.
>
> > > >> Also, in msconfig I can't turn off some startup items. After I
> > > >> uncheck
> > > >> them they keep coming back. They are:
>
> > > >> ntuser.dat, ntuser.dat.LOG, ntuser.ini, and ~ (tilde file).
>
> > > >> Is there any way to get back her icons - I'm not even sure what she


You should not have not have entries like that in the msconfig Startup
tab, so I don't get it at all, so let's see your startup information:

Download and install CCleaner from here and the Startup information to
a text file. Launch CCLeaner, click Tools, Startup, Save to text file
and save the startup information to your desktop (or someplace you can
find it) open the file with a text editor, select all and paste the
contents back here:

http://www.piriform.com/ccleaner

Uninstall CCleaner later fif you don't like it (most people seem to
like it for it's other features).

Uninstall any old versions of MBAM, reboot, install the latest
versions of MBAM (no problem for me with 1.46), update and do a fill
scan.

If MBAM does not work, define what does not work means. It won't
install, it won't launch, etc. We have our ways to make it talk....
 
D

Daave

Flightless Bird
Sirius wrote:
> I have error messages when I try to start mbam "mbam error expanding
> variables 0 9".

That is the result of the malware you have. You will continue to go
around in circles as long as you to try to run MBAM while still in the
infected system. In another post you mentioned you would consider
slaving the drive to a working PC. That's your ticket. (Either that or
perform a Clean Install.)

Or just continue to spin your wheels...
 
J

Jose

Flightless Bird
On May 28, 12:37 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
> I don't see a "save to text file" in ccleaner for the startup, only for the
> installed programs.
>

Then you may have an old version of CCleaner - they added it recently
in 2.31.1153 (that was nice of them)

Get CCleaner here:

http://www.ccleaner.com/

If MBAM installs okay but will not launch, rename mbam.exe to jose.exe
and launch jose.exe (the malware will not be expecting that. Or maybe
it will by now...).

Your MBAM installation could also be afflicted - uninstall MBAM from
Add/Remove Programs, reboot and install it again and report the
results.

If you still have a problem, run SAS from the other link I provided.
 
S

Sirius

Flightless Bird
Daave,

I respect everybody's suggestions. Some of them
will not work. If I slave the drive. Jose, for instance.

Thank you.

"Daave" <daave@example.com> wrote in message
news:-OSI7goq$KHA.5536@TK2MSFTNGP02.phx.gbl...
> Sirius wrote:
>> I have error messages when I try to start mbam "mbam error expanding
>> variables 0 9".
>
> That is the result of the malware you have. You will continue to go around
> in circles as long as you to try to run MBAM while still in the infected
> system. In another post you mentioned you would consider slaving the drive
> to a working PC. That's your ticket. (Either that or perform a Clean
> Install.)
>
> Or just continue to spin your wheels...
>
 
S

Sirius

Flightless Bird
Jose, here it is:

Yes HKCU:Run ctfmon.exe C:/WINDOWS\system32\ctfmon.exe
Yes HKCU:Run swg "C:/Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKCU:Run ctfmon C:/WINDOWS\system32\ctfmon.exe
No HKCU:Run DesktopWeather "C:/Program Files\The Weather Channel
FW\Desktop\DesktopWeather.exe"
No HKCU:Run notifyapp C:/Documents and Settings\Owner\Application
Data\Jenkat\Jenkat Games Arcade\notifyapp.exe
No HKCU:Run NBJ "C:/Program Files\Ahead\Nero BackItUp\NBJ.exe"
No HKCU:Run smileycons C:/Program Files\Smileycons\smileycons.exe
No HKCU:Run SUPERAntiSpyware C:/Program
Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No HKCU:Run GoogleToolbarNotifier "C:/Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKCU:Run wweb32
Yes HKLM:Run MSConfig C:/WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
/auto
Yes HKLM:Run avast5 C:/PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
No HKLM:Run AdobeARM "C:/Program Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Reader_sl "C:/Program Files\Adobe\Reader
9.0\Reader\Reader_sl.exe"
No HKLM:Run avgtray C:/PROGRA~1\AVG\AVG9\avgtray.exe
No HKLM:Run CarbonitePreinstaller "C:/Program
Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst
/reshowat=1800
No HKLM:Run brctrcen C:/Program Files\Brother\ControlCenter2\brctrcen.exe
/autorun
No HKLM:Run CorelIOMonitor C:/Program Files\Corel\Corel Paint Shop Pro Photo
X2\CorelIOMonitor.exe
No HKLM:Run CTHELPER CTHELPER.EXE
No HKLM:Run GWInkMonitor "C:/Program Files\Gateway\Gateway Ink
Monitor\GWInkMonitor.exe"
No HKLM:Run InCD C:/Program Files\Ahead\InCD\InCD.exe
No HKLM:Run IndexSearch C:/Program Files\ScanSoft\PaperPort\IndexSearch.exe
No HKLM:Run NeroCheck C:/WINDOWS\system32\NeroCheck.exe
No HKLM:Run NvCpl RUNDLL32.EXE C:/WINDOWS\system32\NvCpl.dll,NvStartup
No HKLM:Run NvMcTray RUNDLL32.EXE
C:/WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
No HKLM:Run nwiz nwiz.exe /install
No HKLM:Run pptd40nt C:/Program Files\ScanSoft\PaperPort\pptd40nt.exe
No HKLM:Run QTTask "C:/Program Files\QuickTime\QTTask.exe" -atboottime
No HKLM:Run RealPlay C:/Program Files\Real\RealPlayer\RealPlay.exe
SYSTEMBOOTHIDEPLAYER
No HKLM:Run BrStDvPt C:/Program Files\Brother\Brmfl04b\BrStDvPt.exe
No HKLM:Run SSBkgdupdate "C:/Program Files\Common Files\Scansoft
Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
No HKLM:Run jusched "C:/Program Files\Common Files\Java\Java
Update\jusched.exe"
No Startup Common ntuser.dat \ntuser.dat
No Startup Common ntuser.dat.LOG \ntuser.dat.LOG
No Startup Common ntuser.ini \ntuser.ini
No Startup Common ~ \~



"Jose" <jose_ease@yahoo.com> wrote in message
news:5185d1a0-6324-4f90-85cc-54d09eabcd1e@m33g2000vbi.googlegroups.com...
On May 28, 12:37 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
> I don't see a "save to text file" in ccleaner for the startup, only for
> the
> installed programs.
>

Then you may have an old version of CCleaner - they added it recently
in 2.31.1153 (that was nice of them)

Get CCleaner here:

http://www.ccleaner.com/

If MBAM installs okay but will not launch, rename mbam.exe to jose.exe
and launch jose.exe (the malware will not be expecting that. Or maybe
it will by now...).

Your MBAM installation could also be afflicted - uninstall MBAM from
Add/Remove Programs, reboot and install it again and report the
results.

If you still have a problem, run SAS from the other link I provided.
 
D

Daave

Flightless Bird
I'm not sure I follow, Sirius.

Slaving the drive is probably the only way to properly scan for malware
at this point (especially if you want to use MBAM). If you are unable to
slave the drive and if none of the other suggestions work, I think you
need to copy the data and perform a Clean Install.

If you are able to figure out another way, that's cool. But from what
I've seen in this thread, your PC is probably too compromised. And
although a Clean Install can take some time to do, it would have been a
lot quicker than the alternatives!

You could also try booting off one of the rescue CDs mentioned here:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Good luck.


Sirius wrote:
> Daave,
>
> I respect everybody's suggestions. Some of them
> will not work. If I slave the drive. Jose, for instance.
>
> Thank you.
>
> "Daave" <daave@example.com> wrote in message
> news:-OSI7goq$KHA.5536@TK2MSFTNGP02.phx.gbl...
>> Sirius wrote:
>>> I have error messages when I try to start mbam "mbam error expanding
>>> variables 0 9".
>>
>> That is the result of the malware you have. You will continue to go
>> around in circles as long as you to try to run MBAM while still in
>> the infected system. In another post you mentioned you would
>> consider slaving the drive to a working PC. That's your ticket.
>> (Either that or perform a Clean Install.)
>>
>> Or just continue to spin your wheels...
 
S

Sirius

Flightless Bird
This thread got pretty complicated.

Jose wanted me to post an msinfo32, then print the startup items
from ccleaner latest version from the sick computer itself.

I did a scan with superantyspyware, nothing.

Trendmicro sysclean, nothing found. Also their rubotted and rootkit
buster, nothing found.

My friend is out of town for the weekend and I don't have the installation
disks to do a clean install. Untill then, I don't mind learning
and trying new things.




"Daave" <daave@example.com> wrote in message
news:eED%23Npt$KHA.348@TK2MSFTNGP06.phx.gbl...
> I'm not sure I follow, Sirius.
>
> Slaving the drive is probably the only way to properly scan for malware at
> this point (especially if you want to use MBAM). If you are unable to
> slave the drive and if none of the other suggestions work, I think you
> need to copy the data and perform a Clean Install.
>
> If you are able to figure out another way, that's cool. But from what I've
> seen in this thread, your PC is probably too compromised. And although a
> Clean Install can take some time to do, it would have been a lot quicker
> than the alternatives!
>
> You could also try booting off one of the rescue CDs mentioned here:
>
> http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
>
> Good luck.
>
>
> Sirius wrote:
>> Daave,
>>
>> I respect everybody's suggestions. Some of them
>> will not work. If I slave the drive. Jose, for instance.
>>
>> Thank you.
>>
>> "Daave" <daave@example.com> wrote in message
>> news:-OSI7goq$KHA.5536@TK2MSFTNGP02.phx.gbl...
>>> Sirius wrote:
>>>> I have error messages when I try to start mbam "mbam error expanding
>>>> variables 0 9".
>>>
>>> That is the result of the malware you have. You will continue to go
>>> around in circles as long as you to try to run MBAM while still in
>>> the infected system. In another post you mentioned you would
>>> consider slaving the drive to a working PC. That's your ticket.
>>> (Either that or perform a Clean Install.)
>>>
>>> Or just continue to spin your wheels...
>
>
 
S

Sirius

Flightless Bird
Jose, did you see this?

"Sirius" <nospam22-nospam@yahoo.nul> wrote in message
news:ulcbf4s$KHA.3880@TK2MSFTNGP04.phx.gbl...
> Jose, here it is:
>
> Yes HKCU:Run ctfmon.exe C:/WINDOWS\system32\ctfmon.exe
> Yes HKCU:Run swg "C:/Program
> Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
> No HKCU:Run ctfmon C:/WINDOWS\system32\ctfmon.exe
> No HKCU:Run DesktopWeather "C:/Program Files\The Weather Channel
> FW\Desktop\DesktopWeather.exe"
> No HKCU:Run notifyapp C:/Documents and Settings\Owner\Application
> Data\Jenkat\Jenkat Games Arcade\notifyapp.exe
> No HKCU:Run NBJ "C:/Program Files\Ahead\Nero BackItUp\NBJ.exe"
> No HKCU:Run smileycons C:/Program Files\Smileycons\smileycons.exe
> No HKCU:Run SUPERAntiSpyware C:/Program
> Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
> No HKCU:Run GoogleToolbarNotifier "C:/Program
> Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
> No HKCU:Run wweb32
> Yes HKLM:Run MSConfig C:/WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
> /auto
> Yes HKLM:Run avast5 C:/PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
> No HKLM:Run AdobeARM "C:/Program Files\Common
> Files\Adobe\ARM\1.0\AdobeARM.exe"
> No HKLM:Run Reader_sl "C:/Program Files\Adobe\Reader
> 9.0\Reader\Reader_sl.exe"
> No HKLM:Run avgtray C:/PROGRA~1\AVG\AVG9\avgtray.exe
> No HKLM:Run CarbonitePreinstaller "C:/Program
> Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst
> /reshowat=1800
> No HKLM:Run brctrcen C:/Program Files\Brother\ControlCenter2\brctrcen.exe
> /autorun
> No HKLM:Run CorelIOMonitor C:/Program Files\Corel\Corel Paint Shop Pro
> Photo X2\CorelIOMonitor.exe
> No HKLM:Run CTHELPER CTHELPER.EXE
> No HKLM:Run GWInkMonitor "C:/Program Files\Gateway\Gateway Ink
> Monitor\GWInkMonitor.exe"
> No HKLM:Run InCD C:/Program Files\Ahead\InCD\InCD.exe
> No HKLM:Run IndexSearch C:/Program
> Files\ScanSoft\PaperPort\IndexSearch.exe
> No HKLM:Run NeroCheck C:/WINDOWS\system32\NeroCheck.exe
> No HKLM:Run NvCpl RUNDLL32.EXE C:/WINDOWS\system32\NvCpl.dll,NvStartup
> No HKLM:Run NvMcTray RUNDLL32.EXE
> C:/WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
> No HKLM:Run nwiz nwiz.exe /install
> No HKLM:Run pptd40nt C:/Program Files\ScanSoft\PaperPort\pptd40nt.exe
> No HKLM:Run QTTask "C:/Program Files\QuickTime\QTTask.exe" -atboottime
> No HKLM:Run RealPlay C:/Program Files\Real\RealPlayer\RealPlay.exe
> SYSTEMBOOTHIDEPLAYER
> No HKLM:Run BrStDvPt C:/Program Files\Brother\Brmfl04b\BrStDvPt.exe
> No HKLM:Run SSBkgdupdate "C:/Program Files\Common Files\Scansoft
> Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
> No HKLM:Run jusched "C:/Program Files\Common Files\Java\Java
> Update\jusched.exe"
> No Startup Common ntuser.dat \ntuser.dat
> No Startup Common ntuser.dat.LOG \ntuser.dat.LOG
> No Startup Common ntuser.ini \ntuser.ini
> No Startup Common ~ \~
>
>
>
> "Jose" <jose_ease@yahoo.com> wrote in message
> news:5185d1a0-6324-4f90-85cc-54d09eabcd1e@m33g2000vbi.googlegroups.com...
> On May 28, 12:37 pm, "Sirius" <nospam22-nos...@yahoo.nul> wrote:
>> I don't see a "save to text file" in ccleaner for the startup, only for
>> the
>> installed programs.
>>
>
> Then you may have an old version of CCleaner - they added it recently
> in 2.31.1153 (that was nice of them)
>
> Get CCleaner here:
>
> http://www.ccleaner.com/
>
> If MBAM installs okay but will not launch, rename mbam.exe to jose.exe
> and launch jose.exe (the malware will not be expecting that. Or maybe
> it will by now...).
>
> Your MBAM installation could also be afflicted - uninstall MBAM from
> Add/Remove Programs, reboot and install it again and report the
> results.
>
> If you still have a problem, run SAS from the other link I provided.
>
>
 
You must log in or register to reply here.
Top