Computer cleaned (?) but Control Panel still inaccessible

**jholland1964** · 01-19-2008, 01:32 PM

Ok, do this...
Reboot to safe mode.
Then go to My Computer
"C" Drive
Windows folder and look for the folder pss.
When you find that folder noted by me in red...delete it.

Also in C drive look for C:\VundoFix Backups and delete that also.

Uninstall ComboFix, go to to Start > Run & type in ComboFix /u

Reboot the computer to Normal Mode. Don't open any programs or browsers.
Next;
Right click My Computer. Choose Properties. When the System Properties box comes up click the System Restore Tab. Put a dot in Turn off System Restore. You will receive a warning it is turning off click ok or yes, whatever the choice is. Let it turn off. Wait a moment and then go back in and turn it on.
Next go back to Kaspersky and run a full scan with it. DO NOT STOP the Scan. Let it run all the way through. Be sure there are no disks in the drives.
Post back here with the new log.

**jholland1964** · 01-19-2008, 02:03 PM

Also you have some temp files you really need to get rid of...
Try it this way;
Go to Start, Search, Files and Folders and type in this

*.tmp

Search
Allow the search to continue UNTIL COMPLETE. Then go up to Edit, Select All and then Delete.

**Tirhakah** · 01-19-2008, 03:21 PM

All done. Attached kavscan (done before deleting the tmp files) and another hjt log.

**jholland1964** · 01-19-2008, 04:50 PM

Both logs look good to me.
You need to run HJT again and place a checkmark next to these two entries;
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Ddbhiegc\xflzntyr.dll (file missing)
O20 - Winlogon Notify: winfgm32 - winfgm32.dll (file missing)
Once you have placed the checkmarks then click the Fix Checked button.
Exit HJT.
Reboot the computer.

Now you have items running at start up which are totally unnecessary and I would recommend turning off these auto starts to save system resources if nothing else. All of these can be run manually if needed.
I recommend using Mike Lin's Start Up Control Panel
to easily control these. Download, install. Then you will find it in the Control Panel with a tiny computer Icon and labeled Start Up. Double click to open and go through the various tabs and remove the checkmarks from these items;

SoundMan>>>System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel
QuickTime Task>>>provides a system tray icon that you can use for quick access to the QuickTime application and additional settings.
IntelliPoint>>>required if you use non-standard Windows driver features. If you don't then disable.
Gainward>>> Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
REGSHAVE>>>Part of the USB driver for your Fuji digital cameras - used when uninstalling the USB drivers, erasing all entries from the registry. Only required BEFORE attempting to uninstall the Fuji software or the uninstall may not work correctly
Adobe Gamma Loader>>> Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Otherwise unnecessary and can be run manually.
Adobe Reader Speed Launch>>>supposedly speeds launch of Adobe Reader. Takes but a few seconds to do manually.
Microsoft Office>>>Helps speed start up of some Office programs, a resource hog. Programs easily start manually.
Office Startup>>>Helps speed start up of some Office programs, a resource hog. Programs easily start manually.

Once you have removed the checkmarks then click ok and close the program. Reboot the computer.
You should be clean now. How are things running?

**PhilliePhan** · 01-19-2008, 11:19 PM

Originally Posted by jholland1964

O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Ddbhiegc\xflzntyr.dll (file missing)

Looking good, Judy

I would suggest deleting this folder as it can't be anything good.....
C:\Program Files\Ddbhiegc

You may want to update Adobe and remove old one as well...

Cheers

PP

**jholland1964** · 01-20-2008, 12:06 AM

You are totally right PP, my bad. Add PP's instructions to what I gave you ok?

**Tirhakah** · 01-20-2008, 12:21 PM

Ok, done all of that. (When you said upgrade Adobe I assume you mean reader - thats what I've done, anyway). I've also removed a few unused programs and defragged the drive, and everything seems to be running smoothly now

Included a final kavscan and hjt, Kaspersky reports the computer as clean, which is nice

Also, I just want to say thankyou to both of you, for all the help you have given in getting this computer back on it's feet.

**jholland1964** · 01-20-2008, 12:35 PM

All looks good to me. I would also recommend, if I have not earlier that you install SpywareBlaster that PP links to, notes and explains in this thread
Happy all is running well and glad we could provide needed help!
Judy

**PhilliePhan** · 01-21-2008, 05:20 PM

Originally Posted by jholland1964

Happy all is running well and glad we could provide needed help!

X2

-- I would like you to reinstall your resident AV, though. It was infected by the new Vundo and I am not sure if you and Judy cleaned it or not - have not had a lot of time to pore over scanlogs these days. Some logs show it, some do not.

Better yet, download RenV.exe to your Desktop and run it from the Desktop.

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Please attach that log for me, just to be on the safe side...

PP

**Tirhakah** · 01-22-2008, 12:16 PM

Ok, doesn't look very informative, but here it is:

Thread: Computer cleaned (?) but Control Panel still inaccessible

Thread Tools

Display

Thread Information

Users Browsing this Thread

Posting Permissions