1972vet

Posts posted by 1972vet


  1. MB just asked today if I wanted to upgrade. Immediately upon upgrading I went to visit a website where I always go to purchase my ecigs supplies. MB popped up the message that the website is a "Fraud". Can someone look into this and let me know if I've been duped? Thanks

    (alleged fraud website would be dubdubdub..v2.com)

     


  2. There are more than a few problems, but before we proceed you should look for and uninstall the following program:
    QuickShare

    QuickShare is an adware program most commonly bundled with other "Free" downloaded software of certain type(s). This particular piece of vermin has almost rootkit type capabilities (...almost, although not quite).

    You should use caution when downloading/installing programs from the internet and uncheck certain items (when available as an option) so that other "PUP" type software won't be surreptitiously installed.

    Next, you need to decide upon, which of these you would prefer to keep and which to uninstall:
    AVG AntiVirus Free Edition 2014
    Symantec AntiVirus Corporate Edition


    ...having both of those programs installed and running real time protection will cause instability and eventually a system crash with the potential of data loss of course. These two programs alone, running while you try to scan with mbam would in fact, cause such a struggle among them that the system would freeze up just as you have described.

    You really have no need of this program either:
    Spybot - Search & Destroy

    Once you have completed all of the above, please reboot the system and try running a threat scan with mbam. Post back the resulting log. Thanks!

  3. Greetings Mr. Bojangles and thank you for your patience,

    Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
    Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine.
    Double click the downloaded dds utility to run the tool

    • When it completes, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
    • Save both reports to your desktop.

    Please remember to include the following logs in your next reply, Thanks!

    • DDS.txt
    • Attach.txt

  4. Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

    Other members who need assistance please start your own topic in a new thread. Thanks!

    The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.


  5. I can't really see a difference as of now but initially my post was because of my Windows Update and Software Licensing Service not working. I talked to Microsoft and they told me I had a "polymorphic" virus. So, this is why I am here to cleanse my system. I feel much better now with your time and support but upon checking my Windows Update and other Windows tools it is still the same. Not working. Other than that, computer is good. If you have any other advice regarding this please do let me know. I did make a forum thread on a Windows Validation forum, no luck either. I've been back and forth with them and you :) If you have no other answers or suggestions for this I will have to reinstall Windows Vista. Again, thanks for everything and I will keep you posted if anything else comes up.

    I won't insist that Microsoft is wrong about that but...I see no evidence of it in any of the logs you produced, neither have you really complained of anything that indicates a "virut" (polymorphic file infector virus) infection.

    As with various "other" malicious codes that can infect a Windows platform, many of them can produce the type of symptoms you HAVE complained of, i.e. Windows update not working, Windows activation issues...

    However, in that event, it is Microsoft who needs to counsel you regarding their recommendation(s) to resolve the Windows activation (validation) issue. That said, it would seem to me that you might feel as though you are being passed back and forth. I'm not suggesting you go back to Microsoft though, since it's rather foolish to expect different results when trying the same thing twice.

    I would advise, that if you are able to reformat and reinstall the operating system, that it would be the best alternative to resolve your issue(s).

    If you just want a second opinion, you can run through the instructions Here to see what turns up. Dr.Web CureIt has been quite successful in identifying/removing/cleaning various virut infections of late, whereas, heretofore, a virut infection was pretty well, "game over" for most users.

    Aside from that, I have no other advice but please do let us know what you decide and how it turns out for you.

    Warm regards and best wishes,

    vet


  6. The symantec document entry, I find, relates to an update you once had which prevented the registration reminder from continuing to pop up. I find nothing relating to it in the combofix log so your best bet is to just run the symantec removal tool which purports to remove all remnants of any failed symantec uninstall:

    Download their Removal Tool and run it. When it completes, just delete the tool from the desktop.

    Next, we need to run combofix again, using a script this time...so please disable the on board security products as before, thanks! Please open a blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".

    Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

    Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

    Note:

    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    killall::

    folder::
    c:\users\Master Account\AppData\Roaming\GlarySoft
    c:\users\Master Account\AppData\Roaming\Dropbox
    c:\programdata\ErrorEND
    c:\program files\ErrorEND
    c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    c:\program files\IObit

    driver::
    AdvancedSystemCareService5
    AdvancedSystemCareService6

    registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

    dds::
    uInternet Settings,ProxyServer =

    firefox::
    FF - ProfilePath - c:\users\Master Account\AppData\Roaming\Mozilla\Firefox\Profiles\0uutxuxw.default\
    FF - ExtSQL: 2013-03-01 17:11; ascsurfingprotection@iobit.com; c:\users\Master Account\AppData\Roaming\Mozilla\Firefox\Profiles\0uutxuxw.default\extensions\ascsurfingprotection@iobit.com

    reglock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]


  7. OK, thanks for taking a look...we need to do some surgery to remove it as it is a driver which will conflict with your other security programs, not to mention instability that can also result from stray drivers left behind. Please do this:

    Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.

    ...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled (Microsoft Security Essentials users can disregard the Windows Defender disable instruction since while MSE is installed, Windows Defender is disabled already by default).

    Please download combofix from This Webpage...and read through the instructions there for running the tool.

    ***Important Note***

    Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

    If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.

    The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

    Once installed, a blue screen prompt should appear that reads as follows:

    The Recovery Console was successfully installed.

    When you see that screen, please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

    Note:

    Do not mouseclick combofix's window while it's running....that may cause the scan to stall


  8. Thanks RoadGuy,

    There's no need to change anything via the msconfig utility, but if you DO open it and visit the "Startup" tab, whether an item is checked or not, it would still show you the file path. Look for it there and if you find it, and it's NOT checked, then leave it that way but post back here and let me know what the file path is. It would also be interesting if you find nothing there (which is what I actually suspect). That being the case, we might be more successful using a different utility to try removing it...let me know what you find so we'll know what our next step should be. Thanks!


  9. Now, please run a manual update to your on board mbam. When the update completes, please run a "Full" system scan...and post THAT log back here on your next reply. One other thing before closing mbam, I'd like you to click on the More Tools tab and download the "Startuplite" program. Run it...and make note of everything it lists. Somewhere on that list should appear the Symantec driver information. Post that information here as well. Thanks!


  10. Of your installed programs, most noticeably, the following need attention:

    Dropbox <--Big Time Security Risk...Here's just one article about that but google would show you countless more.

    Glary Utilities 2.53.0.1726 <--Registry hack issues...please read more below, in the Blue text.

    IObit Malware Fighter <--Untrusted...please read the information provided in This Link for some clear and convincing evidence.

    Java™ 6 Update 13 <--Out dated and exploited...for the time being, please uninstall this version...we will install the latest version later, once we're sure that system is cleaned.

    Symantec KB-DocID:2003093015493306 <--I don't know what this is, or why it would be installed on that system since it's apparent there is no Symantec product installed. Please uninstall this too.

    TeamViewer 7 <--This is a "Remote Access" program. Not typically a risk but could certainly become one if you aren't vigilant. Using these type programs is fine so long as you maintain STRONG PASSWORDS.

    Viewpoint Media Player Foistware...and perhaps, redundant as are programs like RealPlayer and QuickTime. Unless you use these, please uninstall them...adware supported issues are prevalent among them.

    Regarding programs which purport to "clean" and or "enhance" the registry and operating system:

    Contrary to a very popular belief, the Windows registry has no need of cleaning.

    Trimming down the registry by removing orphaned entries will have such a minuscule effect that any positive result will go unnoticed. I challenge anyone to prove otherwise, as any boot time difference would have to be measured in microseconds.

    Unless the user considers themselves to be an expert user, caution with these type programs is strongly urged. More often than not, novice users of these type programs report operating system issues (and software as well) which include blue screen stop errors, unresponsive programs and non booting systems.

    For those folks, these type programs became the problem rather than the solution. If you think you are of the "expert" level, then these type programs are fine for you...otherwise, I would suggest that you use the program to navigate to its "backup" folder, find every registry entry that was removed and restore them. Once you've done that, then please uninstall that program.

    For that matter, if it were me, I would uninstall ALL of those programs I listed for you above. On your next reply, please run a fresh DDS scan and post the resulting logs. Thanks!
