Infected PC!! Solved

Question

Hello,

I just acquired a Dell PC and my daughter inserted a USB key and locked it. AVG detected threats. I scanned with USBFix and Ad Remover and ZHPDiag; log here:

Configuration: Windows 7 / Firefox 4.0
http://www.cijoint.fr/cjlink.php?file=cj201104/cij2fwZcar.txt

Thank you for helping: note: currently the PC no longer runs as before; at startup the AVG alert appears and I can't remove it.

khaldcasa · Answer

Hello,  Avast or Avira??

Lyonnais92 · Answer

Hello,  post the USBFix report.  ===  There are already 2 antivirus programs (MSE and AVG)  and 3 antispyware programs (AVG, Arovax and Windows Defender)  In my opinion, MSE and Windows Defender are enough.  === Go to this site:  https://www.virustotal.com/gui/  Click Browse and search for this file: C:\Users	aky\AppData\Roaming\Dropbox\shellext\l\4da15020  Click Send File.  A report will be generated line by line.  Wait for it to finish. It must include the size of the sent file.  Save the report with Notepad.  Copy it into your reply.  If VirusTotal indicates that the file has already been analyzed, click the button Reanalyse the file now  -- See you soon Science without conscience is but ruin of the soul. Rabelais

khaldcasa · Answer

yes but i can't deactivate avg?

ddu93 · Answer

I see :)  Uninstaller: http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe  And don't forget that after installing Avast, it performs a full system scan, do not ignore it if it asks you :)

khaldcasa · Answer

thank you problem solved; thank you

Lyonnais92 · Answer

Hello, if you haven’t fixed your duplicates in your security software, you’re going to have problems. Moreover, a closer reading of your report ZHPDiag shows Spybot S&D and MBAM. The latter is, in my opinion, the best (even without active guarding) and should be used from time to time after updates. Conversely, Spybot S&D no longer has any effectiveness and I strongly suggest you uninstall it. You should also uninstall the tools (no need to keep them; they evolve quickly and old versions become ineffective). Rerun Ad-remover (right-click and Run as administrator) and choose the Deletion option. Same with USBFix. Finally, right-click on the ZHPFix.exe icon on your Desktop, then select 'Run as administrator'. Click on the red A (Tool Cleaner). Click Clean. Restart the computer to finish the cleanup. -- See you later Science without conscience is but the ruin of the soul. Rabelais

khaldcasa · Answer

Hello, thanks for your advice; indeed I deleted spybot s&d and kept mbam.  Should I re-download zhp and perform a manipulation?? as well as adremover and usb fix?? because I deleted everything  thank you

khaldcasa · Answer

I allowed myself to rescan zhp here is the log: http://www.cijoint.fr/cjlink.php?file=cj201104/cijs5FCH8M.txt  wait for instructions

Lyonnais92 · Answer

Hello, a bit of cleaning.

Copy the lines below to the clipboard (select with the mouse and press Ctrl+C simultaneously)

O45 - LFCP:[MD5.3DD25E3128632CC5C3B502FD874489A7] - 10/04/2011 - 19:34:03 ---A- - C:\Windows\Prefetch\AgCx_SC2.db O45 - LFCP:[MD5.9DCF3F261079B7BCA0D6AAF064E59E86] - 10/04/2011 - 19:51:40 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx O45 - LFCP:[MD5.F9A8C5E65792313EF02D3FA84C47CFC3] - 10/04/2011 - 19:52:41 ---A- - C:\Windows\Prefetch\AgCx_SC1.db O45 - LFCP:[MD5.AF07D7E78823B65AB4253E3F64FEB3D9] - 15/04/2011 - 16:37:42 ---A- - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-1014692800-3519297534-427515985-1000.snp.db O45 - LFCP:[MD5.0393A078B84535034EBA4E96C724067A] - 15/04/2011 - 16:38:50 ---A- - C:\Windows\Prefetch\AgCx_SC3_55C21DB6.db O45 - LFCP:[MD5.3BF31066412C9A47A9009564CB3C1855] - 15/04/2011 - 18:39:41 ---A- - C:\Windows\Prefetch\DELFIX(1).EXE-C221E31F.pf O45 - LFCP:[MD5.9B0626A9653FE528490AF1AB6B170DBA] - 15/04/2011 - 18:39:45 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-C5670914.pf O45 - LFCP:[MD5.EE2E649211F41097348E97E8E0D79941] - 15/04/2011 - 18:49:59 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf O45 - LFCP:[MD5.7286A21F373826DC45A3B9AAE897E2D9] - 15/04/2011 - 18:56:38 ---A- - C:\Windows\Prefetch\INTEGRATOR.EXE-F966D045.pf O45 - LFCP:[MD5.428C91E90AB738E45961EACDAB014BCB] - 15/04/2011 - 18:56:44 ---A- - C:\Windows\Prefetch\REGREPAIR.EXE-AFBEDF0F.pf O45 - LFCP:[MD5.CB257C4390D0190FFF54704583589C70] - 15/04/2011 - 18:57:31 ---A- - C:\Windows\Prefetch\SHORTCUTSFIXER.EXE-2BB4E7DB.pf O45 - LFCP:[MD5.E3E7C6ACC137D83809DB7C7153A20B47] - 15/04/2011 - 18:59:25 ---A- - C:\Windows\Prefetch\MEMDEFRAG.EXE-9421E842.pf O45 - LFCP:[MD5.5C879821B398BCF3D55624D86A463988] - 15/04/2011 - 18:59:45 ---A- - C:\Windows\Prefetch\TRACKSERASER.EXE-4AC6DF24.pf O45 - LFCP:[MD5.D4564ACC6C8B407A340892CBCAD71294] - 15/04/2011 - 19:02:21 ---A- - C:\Windows\Prefetch\DUPEFINDER.EXE-5D9F8B30.pf O45 - LFCP:[MD5.DA8FCE658C2508D88C2DF7B0D8E9EDFE] - 15/04/2011 - 19:02:55 ---A- - C:\Windows\Prefetch\EFF.EXE-8C5A110F.pf O45 - LFCP:[MD5.B3F5A45AE50D9BD9AB9B93A7A7DEE3AD] - 15/04/2011 - 19:06:12 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C4135E3F.pf O45 - LFCP:[MD5.45546A7350617524F51360E1F13CB98F] - 15/04/2011 - 19:33:50 ---A- - C:\Windows\Prefetch\VSUSETUP.EXE-945DF746.pf O45 - LFCP:[MD5.D286EE25A181A693BE75F0FA4CFAE2EC] - 15/04/2011 - 19:33:51 ---A- - C:\Windows\Prefetch\UNINST.EXE-22ABBBBF.pf O45 - LFCP:[MD5.EB62C695F088C6CA228C5E4A01C665EF] - 15/04/2011 - 21:04:33 ---A- - C:\Windows\Prefetch\MPSIGSTUB.EXE-E6B2483B.pf O45 - LFCP:[MD5.39AFE6CE97FF2652FF0D447B40D71B22] - 15/04/2011 - 21:04:34 ---A- - C:\Windows\Prefetch\AM_ENGINE.EXE-F1C956E4.pf O45 - LFCP:[MD5.66689C6C28FD7EFDE52506CCF4581503] - 15/04/2011 - 21:04:38 ---A- - C:\Windows\Prefetch\AM_BASE.EXE-3F70DC95.pf O45 - LFCP:[MD5.D2192A2A7C03E9BA1717CCCEAF3DF69B] - 15/04/2011 - 21:04:38 ---A- - C:\Windows\Prefetch\NIS_BASE.EXE-CEA6D1D9.pf O45 - LFCP:[MD5.F27CB16A98A8B2701C893F1249700DCC] - 15/04/2011 - 21:04:38 ---A- - C:\Windows\Prefetch\NIS_ENGINE.EXE-A0A59BE8.pf O45 - LFCP:[MD5.5225C885AD03B1E84CA513BC50F19DC0] - 15/04/2011 - 21:04:39 ---A- - C:\Windows\Prefetch\NIS_DELTA_PATCH.EXE-A8B90AD7.pf O45 - LFCP:[MD5.A25D7BED01DB49D7475F552F3A81482D] - 15/04/2011 - 21:04:49 ---A- - C:\Windows\Prefetch\AM_DELTA.EXE-78CA83B0.pf O45 - LFCP:[MD5.B72E078FAD9CE4D5E53FE665B4CC03D6] - 15/04/2011 - 21:04:49 ---A- - C:\Windows\Prefetch\MPSIGSTUB.EXE-5D0450B3.pf O45 - LFCP:[MD5.433D39EA0E93ABE6A65914AE35842F73] - 15/04/2011 - 21:05:06 ---A- - C:\Windows\Prefetch\NISSRV.EXE-3353C142.pf O64 - Services: CurCS - (.not file.) - MpKsl0b015f3b (MpKsl0b015f3b) .(...) - LEGACY_MPKSL0B015F3B O64 - Services: CurCS - (.not file.) - MpKsl107365c5 (MpKsl107365c5) .(...) - LEGACY_MPKSL107365C5 O64 - Services: CurCS - (.not file.) - MpKsl12c874c2 (MpKsl12c874c2) .(.) ...

khaldcasa · Answer

ZHPFix 1.12.3275 report by Nicolas Coolman, Update of 11/04/2011
Export file: Registry
Run by taky at 17/04/2011 13:59:25
Windows 7 Business Edition, 32-bit (Build 7600)
Web site: http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Registry Key(s) ========== 
O64 - Services: CurCS - (.not file.) - MpKsl0b015f3b (MpKsl0b015f3b) .(...) - LEGACY_MPKSL0B015F3B => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl107365c5 (MpKsl107365c5) .(...) - LEGACY_MPKSL107365C5 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl12c874c2 (MpKsl12c874c2) .(...) - LEGACY_MPKSL12C874C2 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl16c5c52d (MpKsl16c5c52d) .(...) - LEGACY_MPKSL16C5C52D => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl1910121e (MpKsl1910121e) .(...) - LEGACY_MPKSL1910121E => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl21074d59 (MpKsl21074d59) .(...) - LEGACY_MPKSL21074D59 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl24477e0d (MpKsl24477e0d) .(...) - LEGACY_MPKSL24477E0D => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl24c4a4ff (MpKsl24c4a4ff) .(...) - LEGACY_MPKSL24C4A4FF => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl289ebac6 (MpKsl289ebac6) .(...) - LEGACY_MPKSL289EBAC6 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl2923fa0e (MpKsl2923fa0e) .(...) - LEGACY_MPKSL2923FA0E => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl29cbf6c6 (MpKsl29cbf6c6) .(...) - LEGACY_MPKSL29CBF6C6 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl2c040dc1 (MpKsl2c040dc1) .(...) - LEGACY_MPKSL2C040DC1 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl2f21ef98 (MpKsl2f21ef98) .(...) - LEGACY_MPKSL2F21EF98 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl312857d5 (MpKsl312857d5) .(...) - LEGACY_MPKSL312857D5 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl343765d7 (MpKsl343765d7) .(...) - LEGACY_MPKSL343765D7 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl3f14110d (MpKsl3f14110d) .(...) - LEGACY_MPKSL3F14110D => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl40fd755a (MpKsl40fd755a) .(...) - LEGACY_MPKSL40FD755A => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl42a1acb1 (MpKsl42a1acb1) .(.)... - LEGACY_MPKSL42A1ACB1 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl44282920 (MpKsl44282920) .(...) - LEGACY_MPKSL44282920 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl44517adc (MpKsl44517adc) .(...) - LEGACY_MPKSL44517ADC => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl45c42d71 (MpKsl45c42d71) .(...) - LEGACY_MPKSL45C42D71 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl47f9df79 (MpKsl47f9df79) .(...) - LEGACY_MPKSL47F9DF79 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl487b3823 (MpKsl487b3823) .(...) - LEGACY_MPKSL487B3823 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl51cae602 (MpKsl51cae602) .(...) - LEGACY_MPKSL51CAE602 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl55afba88 (MpKsl55afba88) .(...) - LEGACY_MPKSL55AFBA88 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl560b90fb (MpKsl560b90fb) .(...) - LEGACY_MPKSL560B90FB => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl57606374 (MpKsl57606374) .(...) - LEGACY_MPKSL57606374 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl57650983 (MpKsl57650983) .(...) - LEGACY_MPKSL57650983 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl5bbc9b48 (MpKsl5bbc9b48) .(...) - LEGACY_MPKSL5BBC9B48 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl5f380c18 (MpKsl5f380c18) .(...) - LEGACY_MPKSL5F380C18 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl612cc27a (MpKsl612cc27a) .(...) - LEGACY_MPKSL612CC27A => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl61c87588 (MpKsl61c87588) .(...) - LEGACY_MPKSL61C87588 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl6288a1b7 (MpKsl6288a1b7) .(...) - LEGACY_MPKSL6288A1B7 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl63cbac52 (MpKsl63cbac52) .(.)... - LEGACY_MPKSL63CBAC52 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl65b6a863 (MpKsl65b6a863) .(.)... - LEGACY_MPKSL65B6A863 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl65c1f0b2 (MpKsl65c1f0b2) .(...) - LEGACY_MPKSL65C1F0B2 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl7404c431 (MpKsl7404c431) .(...) - LEGACY_MPKSL7404C431 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl7432f266 (MpKsl7432f266) .(...) - LEGACY_MPKSL7432F266 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl756521d0 (MpKsl756521d0) .(...) - LEGACY_MPKSL756521D0 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl77374d68 (MpKsl77374d68) .(...) - LEGACY_MPKSL77374D68 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl7765f13b (MpKsl7765f13b) .(...) - LEGACY_MPKSL7765F13B => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl77d34b56 (MpKsl77d34b56) .(...) - LEGACY_MPKSL77D34B56 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl8069007d (MpKsl8069007d) .(...) - LEGACY_MPKSL8069007D => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl82e5ce01 (MpKsl82e5ce01) .(...) - LEGACY_MPKSL82E5CE01 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl887b6098 (MpKsl887b6098) .(.)... - LEGACY_MPKSL887B6098 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl8afb223a (MpKsl8afb223a) .(...) - LEGACY_MPKSL8AFB223A => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl8f396aaf (MpKsl8f396aaf) .(...) - LEGACY_MPKSL8F396AAF => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl912d15f0 (MpKsl912d15f0) .(...) - LEGACY_MPKSL912D15F0 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl99cafbfb (MpKsl99cafbfb) .(...) - LEGACY_MPKSL99CAFBFB => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl99f35ff3 (MpKsl99f35ff3) .(.)... - LEGACY_MPKSL99F35FF3 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl9b1e7bc9 (MpKsl9b1e7bc9) .(...) - LEGACY_MPKSL9B1E7BC9 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsl9b35ec9f (MpKsl9b35ec9f) .(.)... - LEGACY_MPKSL9B35EC9F => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsla20a75c1 (MpKsla20a75c1) .(...) - LEGACY_MPKSLA20A75C1 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsla9c93020 (MpKsla9c93020) .(...) - LEGACY_MPKSLA9C93020 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslaaa7ed36 (MpKslaaa7ed36) .(...) - LEGACY_MPKSLAAA7ED36 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslade8840a (MpKslade8840a) .(...) - LEGACY_MPKSLADE8840A => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslaec57016 (MpKslaec57016) .(...) - LEGACY_MPKSLAEC57016 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslb126b2f5 (MpKslb126b2f5) .(...) - LEGACY_MPKSLB126B2F5 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslb1dfff0e (MpKslb1dfff0e) .(...) - LEGACY_MPKSLB1DFFF0E => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslb5be9f09 (MpKslb5be9f09) .(...) - LEGACY_MPKSLB5BE9F09 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslbb6bc267 (MpKslbb6bc267) .(...) - LEGACY_MPKSLBB6BC267 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslbdb54202 (MpKslbdb54202) .(...) - LEGACY_MPKSLBDB54202 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslc2d4a27f (MpKslc2d4a27f) .(...) - LEGACY_MPKSLC2D4A27F => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslc96605eb (MpKslc96605eb) .(...) - LEGACY_MPKSLC96605EB => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslcf60b5f0 (MpKslcf60b5f0) .(...) - LEGACY_MPKSLCF60B5F0 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsld1a666bc (MpKsld1a666bc) .(...) - LEGACY_MPKSLD1A666BC => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsld89b8f98 (MpKsld89b8f98) .(...) - LEGACY_MPKSLD89B8F98 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsldf6b9c05 (MpKsldf6b9c05) .(...) - LEGACY_MPKSLDF6B9C05 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsle0f2de45 (MpKsle0f2de45) .(...) - LEGACY_MPKSLE0F2DE45 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsle23eb666 (MpKsle23eb666) .(...) - LEGACY_MPKSLE23EB666 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsle67e4ba2 (MpKsle67e4ba2) .(...) - LEGACY_MPKSLE67E4BA2 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKsle68097d9 (MpKsle68097d9) .(...) - LEGACY_MPKSLE68097D9 => Key successfully deleted
O64 - Services: CurCS - (.not file.) - MpKslea7df998 (MpKslea7df998) .(...) - LEGACY_MPKSLEA7DF998 => Key successfully deleted

========== File(s) ========== 
c:\windows\prefetch\agcx_sc2.db => Deleted and quarantined
c:\windows\prefetch\agcx_sc1.db.trx => Deleted and quarantined
c:\windows\prefetch\agcx_sc1.db => Deleted and quarantined
c:\windows\prefetch\agcx_s1_s-1-5-21-1014692800-3519297534-427515985-1000.snp.db => Deleted and quarantined
c:\windows\prefetch\agcx_sc3_55c21db6.db => Deleted and quarantined
c:\windows\prefetch\delfix(1).exe-c221e31f.pf => Deleted and quarantined
c:\windows\prefetch
otepad.exe-c5670914.pf => Deleted and quarantined
c:\windows\prefetch
tosboot-b00dfaad.pf => Deleted and quarantined
c:\windows\prefetch\integrator.exe-f966d045.pf => Deleted and quarantined
c:\windows\prefetchegrepair.exe-afbedf0f.pf => Deleted and quarantined
c:\windows\prefetch\shortcutsfixer.exe-2bb4e7db.pf => Deleted and quarantined
c:\windows\prefetch\memdefrag.exe-9421e842.pf => Deleted and quarantined
c:\windows\prefetch	rackseraser.exe-4ac6df24.pf => Deleted and quarantined
c:\windows\prefetch\dupefinder.exe-5d9f8b30.pf => Deleted and quarantined
c:\windows\prefetch\eff.exe-8c5a110f.pf => Deleted and quarantined
c:\windows\prefetchundll32.exe-c4135e3f.pf => Deleted and quarantined
c:\windows\prefetch\vsusetup.exe-945df746.pf => Deleted and quarantined
c:\windows\prefetch\uninst.exe-22abbbbf.pf => Deleted and quarantined
c:\windows\prefetch\mpsigstub.exe-e6b2483b.pf => Deleted and quarantined
c:\windows\prefetch\am_engine.exe-f1c956e4.pf => Deleted and quarantined
c:\windows\prefetch\am_base.exe-3f70dc95.pf => Deleted and quarantined
c:\windows\prefetch
is_base.exe-cea6d1d9.pf => Deleted and quarantined
c:\windows\prefetch
is_engine.exe-a0a59be8.pf => Deleted and quarantined
c:\windows\prefetch
is_delta_patch.exe-a8b90ad7.pf => Deleted and quarantined
c:\windows\prefetch\am_delta.exe-78ca83b0.pf => Deleted and quarantined
c:\windows\prefetch\mpsigstub.exe-5d0450b3.pf => Deleted and quarantined
c:\windows\prefetch
issrv.exe-3353c142.pf => Deleted and quarantined
c:\windows\prefetch\avnotify.exe-baf43521.pf => Deleted and quarantined
c:\windows\prefetch\mpas-fe.exe-2aace792.pf => Deleted and quarantined
c:\windows\prefetch\mpsigstub.exe-6ca8cfd3.pf => Deleted and quarantined
c:\windows\prefetch\wuauclt.exe-5d573f0e.pf => Deleted and quarantined
c:\windows\prefetchundll32.exe-071727d5.pf => Deleted and quarantined
c:\windows\prefetch\explorer.exe-d5e97654.pf => Deleted and quarantined
c:\windows\prefetch\ielowutil.exe-f7372953.pf => Deleted and quarantined
c:\windows\prefetch\wsqmcons.exe-4048402c.pf => Deleted and quarantined
c:\windows\prefetch\aggluad_p_s-1-5-21-1014692800-3519297534-427515985-1000.db => Deleted and quarantined
c:\windows\prefetch\aggluad_s-1-5-21-1014692800-3519297534-427515985-1000.db => Deleted and quarantined
c:\windows\prefetch\speccy.exe-af6a1c89.pf => Deleted and quarantined
c:\windows\prefetch\svchost.exe-b597a9d1.pf => Deleted and quarantined
c:\windows\prefetch\wmiprvse.exe-e8b8dd29.pf => Deleted and quarantined
c:\windows\prefetch\wmiapsrv.exe-fc8436dd.pf => Deleted and quarantined
c:\windows\prefetch\mpc-hc.exe-f593d5b1.pf => Deleted and quarantined
c:\windows\prefetch\mblctr.exe-0eb0fdf9.pf => Deleted and quarantined
c:\windows\prefetch\webcamdell2.exe-4ba75fce.pf => Deleted and quarantined
c:\windows\prefetch\avscan.exe-a539614d.pf => Deleted and quarantined
c:\windows\prefetch\vssvc.exe-6c8f0c66.pf => Deleted and quarantined
c:\windows\prefetch\svchost.exe-6a249820.pf => Deleted and quarantined
c:\windows\prefetch\drvinst.exe-39d9eac7.pf => Deleted and quarantined
c:\windows\prefetch\vlc.exe-73b04bfb.pf => Deleted and quarantined
c:\windows\prefetch\logonui.exe-f639bd7e.pf => Deleted and quarantined
c:\windows\prefetch\internet mobile.exe-6f7a1095.pf => Deleted and quarantined
c:\windows\prefetch\msdt.exe-d579957d.pf => Deleted and quarantined
c:\windows\prefetch\csc.exe-f8803eea.pf => Deleted and quarantined
c:\windows\prefetch\cvtres.exe-cb8485b0.pf => Deleted and quarantined
c:\windows\prefetch\sdiagnhost.exe-b3171aa1.pf => Deleted

Lyonnais92 · Answer

Hi,

you should update Windows.

Then, we’ll clean ZHPDiag.

Right-click the ZHPFix.exe icon on your Desktop, then select 'Run as administrator'.

Click on the red A (Tool Cleaner).

Click on Clean.

Restart the computer to finish the cleaning.

--  
See you later  
Science without conscience is but the ruin of the soul. Rabelais

khaldcasa · Answer

How to update it when I have checked automatic updates?

khaldcasa · Answer

I’m installing the latest updates via Windows Updatewaiting for instructionsthank you

khaldcasa · Answer

I installed MA J (IE9) (ie9 link) and I noticed in the history that there were Microsoft Security Essentials updates; I have it and replaced it with Avira, should I delete them, and how.  Thank you

Lyonnais92 · Answer

Hi,  if MSE is in Add/Remove Programs, uninstall it.  Otherwise, do nothing. -- See you Science sans conscience n'est que ruine de l'âme. Rabelais

khaldcasa · Answer

no, it does not exist since I deleted it with revo. so should I leave these updates??

Lyonnais92 · Answer

Hi,  you can also delete them, they’re useless. -- See you Science without conscience is but the ruin of the soul. Rabelais

khaldcasa · Answer

I can’t find it in the control panel. uninstalled the program; there are too many updates except the ones I want waiting for instructions thank you

Lyonnais92 · Answer

Hi,  don’t bother with that.  Leave them alone. -- see you later Science without conscience is but the ruin of the soul. Rabelais

khaldcasa · Answer

Okay, from time to time Avira warns me that: a file autorun.inf has been blocked!!! what is that?

Lyonnais92 · Answer

Hi,  autorun files are one of the ways to infection via network and external media (USB keys for example).  Some tools block them systematically.  If you can see when it happens, you should be able to find the file and delete it. -- @+ Science without conscience is only ruin of the soul. Rabelais

khaldcasa · Answer

okay I’ll keep an eye on it; thanks for your help.

Lyonnais92 · Answer

Hi,  you’re welcome for the help, it was a pleasure.  I’m marking the topic as resolved but you can reopen it if you have any issue. -- see you Science without conscience is but the ruin of the soul. Rabelais

khaldcasa · Answer

Ok, by the way, should I empty [the] restore and create a restore point?

Lyonnais92 · Answer

Hi,

yes,

it's a good initiative. 
--
see you
Science without conscience is only the ruin of the soul. Rabelais

khaldcasa · Answer

hello,

I’m getting familiar with wind.7 a bit and I’m looking for how to empty and create a save point

khaldcasa · Answer

I’m hesitating to venture out; I’ve found several sections, but I’d prefer you give me a step-by-step plan!! thank you; I don’t have a CD drive on my PC, so if there’s a mistake in the registry or elsewhere, it will be a mess

Lyonnais92 · Answer

Good evening,

We'll just settle for taking a clean restore point.

start by typing "restore" in the "Search programs and files" box.

Choose Create a restore point and click Create.

===

What does the computer's documentation say about backup and restore (and Windows repair)?

Do you have a restore partition?

===

You don't have a CD drive? What does D:\ correspond to in Windows Explorer?

--

See you later.

Science without conscience is but the ruin of the soul. Rabelais

khaldcasa · Answer

Hello,

Sincerely, it’s a gift I received from a dear person with a Dell wind7 CD.

I think the D: is the 3G USB modem key.

I’ve seen several backups created by Revo, Glary, etc.!!!!

In all the programs I’ve seen documentation, which I will study and I’ll keep you posted.

Thanks again, Lyonnais;

Lyonnais92 · Answer

Hello,  there is something strange.  On the one hand you say the computer has no CD drive, on the other hand you have the “Dell Windows CD” (which is the brand of the computer).  Take a good look at the documentation. -- @+ Science without conscience is only the ruin of the soul. Rabelais

khaldcasa · Answer

no, nothing weird i saw it's the huawei modem that is recognized as d; that's all  on dell documentation i found nothing about restoration and backup,

Lyonnais92 · Answer

Hi,  give me the exact model of the computer (like Dell Latitude 1224).  That way I’ll find the technical references. -- See you Science without conscience is only the ruin of the soul. Rabelais

khaldcasa · Answer

Dell Latitude 13

Lyonnais92 · Answer

Hi,  I’m not sure if you understand English. But since I had a bit of trouble finding the reference, I’m linking the Dell user manual  http://support.euro.dell.com/support/topics/global.aspx/support/kcs/document?&docid=DSN_370333&isLegacy=true  http://support.euro.dell.com/support/edocs/SOFTWARE/DBRM/index.htm  the problem is a bit complicated by the fact that the 13 lacks an internal CD/DVD drive and the external drive is optional.  Rest assured, you don’t need to restore your system.  Simply, it’s better to know in advance what’s possible and how to do it.  It makes life easier the day a serious problem arises.  ===  The important point quickly is to back up your personal documents to an external medium.  An external USB hard drive is a good solution.  If you have a backup of your data, with the original CDs, we can always work it out.  -- See you soon Science without conscience is but the ruination of the soul. Rabelais

khaldcasa · Answer

okay dear friend, thanks for everything, I’m studying your link and I’m looking on Google on my side because I want to configure Bluetooth as well I’ll keep you posted

Lyonnais92 · Answer

Hi there,

I’m repeating it: the only thing to do is back up your personal data.

As for the rest, it’s a good investment to better know your computer (here, the mechanisms for Windows restoration/repair).

—

See you,

Science without conscience is but ruin of the soul. Rabelais

khaldcasa · Answer

Hello; indeed I back up on CD and/or USB drive your point, I explore and take notes to come back just in case!! you omitted to attach the link ........above I encountered a lot of topics concerning this section. now I’m also looking for a section concerning Bluetooth I would like to use my phone with the computer.... I tell you again thank you and thanks to you and CCM I’m learning a lot of things and one day I’ll help internet users in turn:lol see you later

Lyonnais92 · Answer

Hello,  I don’t see which link I forgot.  I’ve put 2 here:  https://forums.commentcamarche.net/forum/affich-21801015-pc-infecte?page=2#36  On my end, they work. -- See you Science sans conscience n’est que ruine de l’âme. Rabelais

khaldcasa · Answer

RE  For the rest, it is a good investment to know your computer better (here the mechanisms for restoring/repairing Windows).  IF I UNDERSTAND CORRECTLY, YOU WERE TALKING ABOUT the link higher up,

Lyonnais92 · Answer

Hi there,

yes, I was talking about the DELL support links.

I didn’t include a link for backups on external media. The Windows Explorer Copy function works. But you can also use other explorers or specialized tools.

--
See you later
Science without conscience is but the ruin of the soul. Rabelais

khaldcasa · Answer

Yes, it works!!!! did you find something to activate Bluetooth?

Lyonnais92 · Answer

Hello,  does this help you:  http://support.euro.dell.com/support/topics/global.aspx/support/kcs/document?c=fr&cs=frbsdt1&l=fr&s=bsd&docid=DSN_360822&isLegacy=true  (Dell support is an incredible mess) -- see you Science sans conscience n'est que ruine de l'âme. Rabelais

khaldcasa · Answer

I couldn't find the n: series and Dell can't communicate it to me, in short support is too complicated, can I use another support?

Infected PC!!

43 answers

Connecting a sony handycam video 8 ccd f555e to an hd tv

My printer won't connect to my pc anymore

Male voice replacing my contact’s voicemail?

Set up 2 computers on 1 cleaner account

"system call failed"

What alternatives to molotov for watching live tv?

Gigaset a170h

Windows 11 microphone issue

Startup issue

Signal cable not detected on iiyama monitor