heidiiiii5

If she has that stuff on the computer (itorrent etc) I will ask her about that later and tell her to remove it. I have no idea. I will get back to you. Thanks!

I have completely forgotten how to do this so if I am posting in the wrong area, I am sorry, My daughter left me a note stating that she accidentally clicked on a link today and some stupid malware downloaded. She used the quick scan on our version of Malwarebytes but I guess it seemed to not get them all. I do not really know. She says that something called Expressburn wont go away. I have just gotten home and not experienced anything yet but I have been here twice with some really nasty stuff so I want to nip it in the bud. Thanks Heidi

Thank you. Have a good weekend!

I am about ready to throw this Dell off the front porch and run over it repeatedly with my Jeep! I do not know what was downloaded because of course the *kids* act dumb when it comes to fessing up. I know I have something infecting the computer because of all the weird things going on. I bought malwarebytes yesterday because I could not take it anymore. I just do not know what to do besides the quick scan that quarantines stuff One issue is with startup. There is something infecting the start up and sometimes it says it has critical problems and has to close. Or it will just crash. Or it wont let you shut down properly. The clock will change the time on its own. When you first go on, and you open another window, another window will pop up and wants you to watch a video. It is a cluster you know what! Oh, and on Tuesday System Mechanic Pro just stopped working all together. The iolo system tray wont even come on so I cannot turn on the virus protection...it will not automatically come on anymore. I hope someone can help me.

Nope. Just making sure. sorry to bother you.

Okay. duh. I need more coffee. You said protection log. I will post one from yesterday and today. 2012/05/29 10:34:02 -0400 HEIDI-PC Heidi MESSAGE Starting protection 2012/05/29 10:34:05 -0400 HEIDI-PC Heidi MESSAGE Protection started successfully 2012/05/29 10:34:08 -0400 HEIDI-PC Heidi MESSAGE Starting IP protection 2012/05/29 10:34:12 -0400 HEIDI-PC Heidi MESSAGE IP Protection started successfully 2012/05/29 10:37:35 -0400 HEIDI-PC Heidi MESSAGE Executing scheduled update: Daily 2012/05/29 10:37:52 -0400 HEIDI-PC Heidi MESSAGE Scheduled update executed successfully: database updated from version v2012.05.27.06 to version v2012.05.29.04 2012/05/29 10:37:52 -0400 HEIDI-PC Heidi MESSAGE Starting database refresh 2012/05/29 10:37:52 -0400 HEIDI-PC Heidi MESSAGE Stopping IP protection 2012/05/29 10:40:41 -0400 HEIDI-PC Heidi MESSAGE IP Protection stopped 2012/05/29 10:40:45 -0400 HEIDI-PC Heidi MESSAGE Database refreshed successfully 2012/05/29 10:40:45 -0400 HEIDI-PC Heidi MESSAGE Starting IP protection 2012/05/29 10:40:48 -0400 HEIDI-PC Heidi MESSAGE IP Protection started successfully 2012/05/29 17:04:23 -0400 HEIDI-PC Heidi MESSAGE Starting protection 2012/05/29 17:04:28 -0400 HEIDI-PC Heidi MESSAGE Protection started successfully 2012/05/29 17:04:31 -0400 HEIDI-PC Heidi MESSAGE Starting IP protection 2012/05/29 17:04:34 -0400 HEIDI-PC Heidi MESSAGE IP Protection started successfully 2012/05/29 19:17:26 -0400 HEIDI-PC chelsea MESSAGE Starting protection 2012/05/29 19:17:30 -0400 HEIDI-PC chelsea MESSAGE Protection started successfully 2012/05/29 19:17:33 -0400 HEIDI-PC chelsea MESSAGE Starting IP protection 2012/05/29 19:17:36 -0400 HEIDI-PC chelsea MESSAGE IP Protection started successfully 2012/05/30 00:01:15 -0400 HEIDI-PC chelsea MESSAGE Executing scheduled update: Daily 2012/05/30 00:01:28 -0400 HEIDI-PC chelsea MESSAGE Starting database refresh 2012/05/30 00:01:28 -0400 HEIDI-PC chelsea MESSAGE Stopping IP protection 2012/05/30 00:01:28 -0400 HEIDI-PC chelsea MESSAGE Scheduled update executed successfully: database updated from version v2012.05.29.04 to version v2012.05.29.07 2012/05/30 00:04:51 -0400 HEIDI-PC chelsea MESSAGE IP Protection stopped 2012/05/30 00:04:55 -0400 HEIDI-PC chelsea MESSAGE Database refreshed successfully 2012/05/30 00:04:55 -0400 HEIDI-PC chelsea MESSAGE Starting IP protection 2012/05/30 00:04:59 -0400 HEIDI-PC chelsea MESSAGE IP Protection started successfully 2012/05/30 05:50:16 -0400 HEIDI-PC Heidi MESSAGE Starting protection 2012/05/30 05:50:20 -0400 HEIDI-PC Heidi MESSAGE Protection started successfully 2012/05/30 05:50:23 -0400 HEIDI-PC Heidi MESSAGE Starting IP protection 2012/05/30 05:50:26 -0400 HEIDI-PC Heidi MESSAGE IP Protection started successfully 2012/05/30 07:01:56 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 51106, Process: firefox.exe) 2012/05/30 07:01:56 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 51107, Process: firefox.exe) 2012/05/30 07:01:56 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 51108, Process: firefox.exe) 2012/05/30 07:03:00 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 51160, Process: firefox.exe) 2012/05/30 07:03:00 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 51164, Process: firefox.exe) 2012/05/30 07:03:00 -0400 HEIDI-PC Heidi IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 51173, Process: firefox.exe) I have noticed an issue with Windows Defender now too. It will turn off and then will not turn on again (time out) unless you restart the computer.

Which log do you want from Mbam? The todays protection log or the most current mbam log?

Here are the two things that popped up. I will do the scan now .1. C:\programdata\Iolo\systemshield\quarantined\DoraAdventure W32/NewMalware-LSR-based-Maxim 2. C:\Programdata\iolo\systemshield\quarantined\71B5DAE-302B W32/NewMalware-LSR-based-Maxim

Everything was fine until the MP needed to be upgraded. Then Windows defender quarantined the same two malware`s that I posted before. The Dora and the other one (up thread). The computer is acting fine. None of the other issues with the browser`s like before. Just this morning the trial malwarebytes told me that it stopped a virus from getting in. So I am wondering if it is coming from the virus protection. I am going to purchase Malwarebytes when the trial is over. Another weird thing happened that makes me think it is related. About a few days after you fixed the computer, I get a weird phone call from the NY area. They told me that there were virus attacks in my area and that they had been told I had an issue. I needed to turn on my computer. I told them off basically because I did not fall off the turnip truck. But it creeped us out and wondered if it was connected at all. Anyway, I did the upgrade on the iolo and it is quarantined. If It happens again, I am gonna fling this laptop off my front porch.

All done. Thank you Elise! I am super happy! I am going to tell everyone that this is the place to go and this is the program to have on their computers. I am going to most definitely download full version. I came home from a bad vacation to a limping computer. You got rid of it! Bless you. You can close the topic now.

I typed in combofix/uninstall in the Run box. It says it does not find that on the computer. I double checked that I typed it correctly and it did the same thing. Oh! I am so happy that you helped me. I am definitely coming back to hit your donate button when the paycheck comes in. And other then the thing up top. Everything is good.

I will not be back on until tomorrow morning. Have a good one. See you then.

Here is the next scan. C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1 a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk2 a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\ProgramData\iolo\System Shield\Quarantined\C2DC25F-65B95BCF.INFECTED multiple threats deleted - quarantined C:\Users\chelsea\Downloads\Adobe Photoshop CS5 or extended activator VIRUS FREE.zip Win32/HackKMS.A application deleted - quarantined C:\Users\chelsea\Downloads\openfreely_1296.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined C:\Users\Heidi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7ce16a0a-45e03a4d Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined

I started it at 330pm and it is still at 44% at 6pm. Hoping it gets done before I go to bed. LOL It has found 10 things already.

Browser is working fine now. That snap.do is gone. The only thing was when I did the full scan, I got the pop up saying that I had those two malwares that I posted above before. One was a Dora one. And we still have to fix those things on the desktop. But so far, so good.