Posts posted by 1972vet

  1. MB just asked today if I wanted to upgrade. Immediately upon upgrading I went to visit a website where I always go to purchase my ecigs supplies. MB popped up the message that the website is a "Fraud". Can someone look into this and let me know if I've been duped? Thanks

    (alleged fraud website would be dubdubdub..v2.com)

     

  2. Installation went fine on my Win7 Ultimate x64-bit multi-boot 5 partition (3=ntfs and 2=ext4) system...accepted reboot request, which went quick, very impressive.

    Startup was also quick and impressive. Balloon note for out of date data base (data base older than 7 days) popped up and update was also quick.

    Flash and Quick scan logs below:

    Malwarebytes Anti-Malware (PRO) 1.60.1.1000

    www.malwarebytes.org

    Database version: v2012.01.21.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Dave :: DAVE-PC [administrator]

    Protection: Enabled

    1/21/2012 4:21:24 AM

    mbam-log-2012-01-21 (04-21-24).txt

    Scan type: Flash scan

    Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled: Registry | File System

    Objects scanned: 166190

    Time elapsed: 31 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    *************************************

    Malwarebytes Anti-Malware (PRO) 1.60.1.1000

    www.malwarebytes.org

    Database version: v2012.01.21.01

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Dave :: DAVE-PC [administrator]

    Protection: Enabled

    1/21/2012 4:22:58 AM

    mbam-log-2012-01-21 (04-22-58).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled: Heuristics/Extra

    Objects scanned: 33415

    Time elapsed: 5 minute(s),

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  3. No. Thanks sUBs. That database info was after a reboot this morning. Don't recall what it was yesterday at the time of the warning but I can see, you're on it. The app downloads the latest updates so with that, I restored the quarantined item and rebooted again. Now it's no longer detected. The detection yesterday was after a reboot. It was on startup that the warning message told about the item in question trying to start. With this morning's reboot, there was no warning.

  4. We need more facts. How many users are there and tell us if they have limited or elevated privileges (this will allow us to determine if a possibility exists to get started by using either a floppy or a hard disk with basic input/output)?

    Are you now using, or have you ever used an external hard disk? If so, when and how many.

    Tell us the size of the internal hard disk and how old it is (they become unpredictable after years of use)?

    What about peripherals...was everything inserted in the proper connection receptacle for this testing session?

    ...and most importantly, have you made certain that you haven't discombobulated the fragistat? :)

  5. On the LCD screen, at the bottom there should be an LED indicator light. When you first boot up, take note of that light color. When the desktop stabilizes and you are ready to go, that light should be blue. While it's up and running for a while you noticed the LCD monitor turns black. At that time, what color is that LED indicator light? Still blue? Yellow? Nonexistent? You should also make certain the cables are securely attached. Tried Windows Update site to see if it finds an updated driver? Has a driver roll back fixed the issue? There are quite a few reasons for the issue, but if all those fail, it may just be a bad monitor that should be returned for a refund or replaced by the warranty.

  6. Make sure you have the correct input source selected on your screen by checking the socket where it's plugged. White is usually digital and Blue would be analog. There should be an input button on the monitor. Probably the first button on the bottom right of the screen. If not, you may have to access the menu to change your input source. If that doesn't correct the problem then I would suspect some sort of physical damage...in which case, you should locate your warranty paper or receipt. If you just purchased it, I'd return it. If you've had it several weeks or so, they may not let you return it but the warranty should certainly take care of it.

  7. Greetings Adam608 and Welcome to the Forums,

    I'm so sorry to have read your thread(s) only to learn you were unable to resolve your issue. And, on the other hand, very glad to see you now have reinstalled your operating system as your patience wore through. That is indeed very understandable...and regrettable. Again, sorry...

    Many of these excellent volunteers who work the help forum here at Malwarebytes also work the help requests at various other forums. I'd say on average, each one of us are staff members at...probably about 5 other forums.

    I do not usually respond to any of the help requests here at Malwarebytes forums as I am usually overwhelmed by the number of help requests I tend to at other forums. Usually, but not always, those with Moderator responsibilities are not often first responders...that aside, I must say I felt compelled to say a word or two in this thread, specifically regarding this compliment/complaint:

    Great product... shame about the helpforum!

    To address the compliment first, on behalf of all the hard work that these excellent programmers put into the product "MalwareBytes Anti-Malware" I will say, "thank you very much".

    To address the complaint, I should point out that these various help forums where we all offer our assistance are staffed by volunteers who produce outstanding results at the most affordable price...free of charge.

    I can agree, it is a shame that we sometimes cannot answer every request for help. What I cannot agree to is a generalized "shame" tag pinned on any particular help forum staffed by volunteers who work at their leisure without compensation.

    We all have other responsibilities we must attend to in addition to our volunteer service...families, jobs, school, and just life in general as it goes on for each of us.

    We each have the same variety of items on our agenda as any other human. We attend weddings, graduations, funerals, church services...we go shopping, visit with our neighbors, cut the grass, play with our children, take vacations...you know...normal everyday people.

    Again, sorry we didn't get to you in the time frame you evidently expected. Had you waited, you would have been pleased with the results but no one here can blame you for following your own agenda.

    Glad you like the product. Sorry you didn't like the volunteer service...but please consider the fact that it is free.

  8. This issue appears resolved and the thread is closed to prevent others from posting here.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  9. Great! You can delete these now:

    DDS.scr

    DDS.txt

    Attach.txt

    GMER.zip

    GMER.exe

    Your occasional freeze issue during idle time could just be related to an outdated driver somewhere on the system. Be sure to check all of your installed software for updates from the manufacturer(s) website(s). Sometimes, these can be found on the Windows Update site but not always for all of your software/hardware installations. It's always best to do an individual search for each piece installed.

    Commonly, reputable software authors will write into the program some update feature whether automatic or manual. You can navigate each program's GUI and look for an "Update" feature. Usually you will find it listed under "Tools", "Options", "Preferences".

    Next, please click start-->run...then copy and paste the Bold text below into the run box and click "OK":

    ComboFix /Uninstall

    Performing this function will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again for you automatically.

    To assist in the prevention of spyware infections:

    Immunize your browser by installing Spywareblaster. What does it do?

    • Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    • Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
    • Restricts the actions of potentially unwanted sites in Internet Explorer.

    Keep your anti-virus and spyware definitions up to date. Be sure to scan often.

    Web of Trust, (WOT,) warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for both Firefox and IE.

    Install the WinPatrol security monitor utility. WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. What I hear most from users is how much they like the startup control feature and its ease of use. Need help understanding something about WinPatrol? Here it is.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third party firewalls running on board:

    Sunbelt Personal Firewall

    Zone Alarm. Beware: This download includes the Ask Toolbar...The ZoneAlarm Spy Blocker toolbar is powered by "Ask.com". The "Ask" search engine will cause "targeted" ads to be presented to you based upon the content of the web pages you visit, any personally identifiable information you have provided to "Ask.com", or keywords appearing in your search queries. Many security experts consider this type of behavior offensive...Windows 2k/XP/Vista

    Outpost Free

    Comodo. Beware: This download includes the HopSurf toolbar...If YOU DON'T WANT THIS TOOLBAR be sure to remove the check from the box when presented during the installation. By installing the HopSurf toolbar, you grant Comodo permission to collect information about your Internet usage. Read the HopSurf EULA. Don't be too alarmed by this caveat...I highly recommend this firewall, but it may just be best suited for advanced users.

    Keep your software updated...make it easier on yourself and install the free security tool "Secunia PSI"

    It helps in the background to protect your system against software vulnerabilities. The free utility scans your system's software applications and offers a one button "Download "Solution" feature that updates the exploited software that it finds AND provides other related information/patching if warranted.

    Stay updated with the most recent Windows patches as well...using Microsoft's Windows Update. Make it easy on yourself, and set this feature to Automatic.

    Using an alternate browser can reduce your chance of certain infections installing themselves. I recommend installing Mozilla Firefox. If you don't already have "Firefox", please consider installing and using this browser for surfing.

    If you still wish to use Internet Explorer, please make sure you install SpywareBlaster (from above) to protect you from most ActiveX infections.

    Run CCleaner often. The Yahoo Toolbar is included by default during the installation...if you DO NOT WANT IT, be sure to remove the check from the "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser" option during installation setup or else just download the Slim version (no toolbar...last download link at the bottom of that page)...

    Or if you just want to run your on board Disk Cleanup:

    ("Start--> Programs-->Accessories-->System Tools-->Disk Cleanup" ), just open the utility and check off the following:

    Downloaded Program Files, Temporary Internet Files, Recycle Bin, and Temporary Files. Don't forget to defrag the system.

    So how did I get infected in the first place?

    Regards, and Happy Surfing!

  10. There were (still are), some questionable items in the last combofix log but not significant enough (at that time) to rattle my cage. However, there are now a couple new things I am troubled about that I just recently became aware of...the latest Java exploit affecting even the most up to date version, and the issue McAfee has had with removing a critical system file affecting Windows XPSP2.

    I know I had already addressed an outdated and exploited java issue and had you install the latest version. It wasn't until after that, I became aware of this issue. Additionally, I just became aware of the McAfee issue last evening.

    As it seems from your description of current performance issues, that things with your system are still not quite right with the universe, I would like you to uninstall both of them (Java and McAfee) for the time being. If you know how to disable java for all browsers then that's fine, otherwise, uninstalling it entirely is the better plan I believe (for that system).

    Until both issues are resolved, it would be better for you if your system were not even running a Java enabled program...additionally, I would suggest using one of the proven and effective antivirus programs available free on the public domain.

    Please select and install One of these free antivirus applications:

    Microsoft Security Essentials

    AntiVir Personal Edition Classic

    Avast! 4 Home Edition

    After successful installation, please reboot the computer.

    When the system comes up, run a manual update to the antivirus program you installed. Download and install everything it presented. When that completes, run the manual update again and once more install everything it finds. Continue in that manner until the manual update scan finds no more updates to install.

    When THAT completes, boot into safe mode and run a complete system scan. Post back the results. Thanks!

  11. Hard drives can fail at any time for several reasons but age and usage combined are always going to be a concern. It has been my experience over the past several decades to have witnessed hard drive failure on older systems just simply due to their age. It's most common I'd say to begin thinking of replacement in systems approaching the 5 year mark. Of course that is just a statistic and may not always apply.

    I simply mention it to give you a frame of reference for such a possibility.

    I'd say, all things considered, the system is probably just fine. On a system that old, it's not uncommon to see occasional blue screens of various origins. You can find out what is behind it by making a slight system change to prevent the reboot. At the times when the system finds it necessary to stop what's going on, instead of rebooting automatically it will just come to a screeching halt and present the blue stop screen instead. On that screen will be some valuable information relating to the cause. When that happens, write down exactly what is displayed on that screen with specific attention to any driver information at the bottom. To set this up, please do the following:

    Click start-->Control Panel-->System-->Advanced

    Under Startup and Recovery, remove the check from "Automatically restart".

    Click "OK", "Apply", and "OK" to close the System Properties box. Close the Control Panel and reboot the system.

    With this configuration, the next time your system crashes, the computer will freeze at the stop screen (Blue Screen of Death, or BSOD as it is known).

    As mentioned previously, when that happens, write the information down exactly as it appears on that screen, with specific detail relating to any driver information that should appear along the bottom of that screen.

    Post THAT information back here. Thanks!

  12. Alright then, let's tidy up a bit and sort things in their proper order to help speed things up for you. It may be that a cleanup is all that is needed to eliminate what may seem like a freeze issue. If such behavior continues afterward, check the event viewer log for details about a "Hang" issue:

    If you have more than one drive you can follow these instructions for each drive, substituting the drive letter in each instance:

    Delete Cookies

    ***Note***

    Deleting ALL cookies will require you to log back into any web sites you visit that required you to log on with a user ID and password.

    You CAN be selective here and keep the good cookies if you think you know which ones they are. I recommend deleting "All" cookies in order to remove any problems that may be present.

    • Click Start-->Run and Type Cookies then click OK.
      Click "Edit" from the menu at the top then scroll to and click on:
      Select All
      Next, click "File" from the menu at the top. Scroll to and select Delete
      Return to your desktop.

    Delete the Contents of the Prefetch Folder

    ***Note***

    It is not necessary to delete the contents of the "Prefetch" folder as a matter of routine. However, if your system has been in use for quite some time and you have installed, then uninstalled many programs, OR if you have recently gone through the removal of malware then deleting the contents of the "Prefetch" folder may be beneficial as it can become quite bloated in time, as well it may contain entries from the malware you have removed.

    • Click Start-->Run and Type Prefetch then click OK.
      Click "Edit" from the menu at the top then scroll to and click on:
      Select All
      Next, click "File" from the menu at the top. Scroll to and select Delete
      Return to your desktop

    Delete Windows Temp Files

    • Click Start-->Run, and Type Temp then click OK.
      Click "Edit" from the menu at the top then scroll to and click on:
      Select All
      Next, click "File" from the menu at the top. Scroll to and select Delete

    It is important to pay attention here to what files may remain after you click "Delete". There are some windows temp files that the system will not allow you to delete which is normal as there are a few files (from your most recent log on session) that are in use by the operating system. You should have only two or three files that remain. Please select what files remain (a few at a time) and delete everything that windows will allow you to delete.

    Return to your desktop

    Delete User Temp Files

    • Click Start-->Run, and Type %Temp% then click OK.
      Click "Edit" from the menu at the top then scroll to and click on:
      Select All
      Next, click "File" from the menu at the top. Scroll to and select Delete
      Return to your desktop

    Delete other Unnecessary Files

    • Click Start-->My Computer-->Right Click on C:/ Drive Select "Properties" then click the Disk Clean-Up button. Select everything Except for "Office Set-Up Files" (if present) and "Compress Old Files". Click "OK".

    Run CHKDSK

    • Click the "Tools" Tab. Under Error Checking click the "Check Now" button. Under Check Disk Options put a check in Both boxes then Click Start. Click Yes then Click OK and reboot the system.

    This first reboot after you've completed the cleanup session will take a bit longer than usual. Let your system stabilize with no intervention...DO NOTHING WITH YOUR COMPUTER AT THIS TIME

    Allow the scan to complete. Upon completion, windows will reboot the system again.

    When the system comes back up and has stabilized (watch for the light on your CPU tower to stop blinking or at least slow to a crawl...this may take maybe 3 minutes or so) then continue with these instructions below:

    Click Start-->All Programs-->Accessories, and select The Command Prompt again.

    Copy and paste the following text at the

  13. Did you set up the proxy server settings yourself?

    Although you may have uninstalled ViewPoint, the FF plugin will remain. In Firefox you can only disable it but you cannot uninstall a plugin. This isn't just peculiar to Viewpoint, it's the case with any plugin in Firefox. To disable it, click tools-->addons-->Plugins tab...locate the plugin in the list and click on it to highlight it, then click the "Disable" option button.

    Next, I should take a minute to explain a little about the Trusted Zone. The idea of such a feature is really suited for some corporate environment where multiple systems need access to a single source.

    That source, when placed in the trusted zone, can be accessed without incident by any one of those multiple systems no matter where they are located, in house or remote. The reason I say "without incident" is because the "source" is another one of the corporate owned systems maintained by the same IT department (also in house) and of course, the rest of those systems can safely place it in their trusted zone.

    When a home user places something from the internet in the trusted zone...something they really have no control over, it is equal to leaving their keys in the front door while they go away on vacation.

    Now...If I explained that well, and you agree that it is a bad idea then please, remove them...to do that, open "Internet Options" from within the control panel. Click the "Security" tab-->Trusted sites-->Sites button. Remove everything you find there inside the "Websites" window. Apply those changes and "OK" your way out to close the properties window...then close the control panel.

    Please open a blank Notepad by clicking start-->run

    Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated and describe any issues that remain. Thanks!

    Note:

    Do not mouseclick combofix's window while it's running. That may cause it to stall

    Folder::

    c:\program files\Viewpoint

    Reglock::

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

  14. Since you have AOL installed (AIM)...."ViewPoint" foistware will come along with it and will be recreated each time you run the AOL software Messenger, for example. You can prevent Viewpoint Manager or Viewpoint Media Player from being recreated every time you run the AOL software by doing the following:

    Open AOL...Go to Help on the toolbar. Select About AOL

    Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.

    Another way to prevent Viewpoint from being recreated every time you run the AOL software is:

    Click C:\Program Files\AOL 9.0\Jiti (a hidden folder).

    Rename viewpoint.exe to viewpoint.old.

    Also look in Services for Viewpoint Manager Service - Viewpoint Corporation. Click 'properties' and disable it.

    In addition to this suggestion, it is also recommended to uninstall the following software:

    Adobe Reader 7.0.9

    Java 2 Runtime Environment, SE v1.4.2_01

    ...both of which are outdated and exploited. You can install the latest Adobe reader Here, and the latest version of Java Here. Scroll down and click on the 2nd download link titled "Download JRE".

    • Select your Platform: "Windows".
    • Read the License Agreement, and then check the box that says: "I agree to the Java SE Runtime Environment...".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation (Should be the very first one). Save it to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Navigate to and delete the Java folder:
      C:\Program Files\Java <-- indicated in Bold Red Text (if found). You may also find a folder labeled JRE and should delete that one as well.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the Java installer file you downloaded to your Desktop to install the newest version.

    -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

    To disable the JQS service if you don't want to use it:

    • Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.

    Next, please download combofix from This Webpage...and read through the instructions there for running the tool.

    ***Important Note***

    Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

    If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

    The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

    Once installed, a blue screen prompt should appear that reads as follows:

    The Recovery Console was successfully installed.

    When you see that screen, please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

    Note:

    Do not mouseclick combofix's window while it's running....that may cause the scan to stall
