
TROJAN.BHO, PUP.FACETHEME & PUP.FCTPLUGIN PROBLEMS - NEED HELP !


Hi Gringo - I did what you said, and could not reboot with system disk as I have VISTA oem from Hewlett Packard. Here is the frst.txt from my f:\ drive:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-05-2013

Ran by SYSTEM on 18-05-2013 09:59:04

Running from F:\

Windows Vista Home Basic (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317152 2006-10-18] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [291496 2009-05-01] ()

HKLM\...\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16 [106496 2006-11-21] (Lexmark International Inc.)

HKLM\...\Winlogon: [system]

HKU\Administrator\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

HKU\Ed and Sue\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]

HKU\user\...\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup [ 2005-02-16] (InstallShield Software Corporation)

BootExecute: autocheck autochk /p \??\F:autocheck autochk *

========================== Services (Whitelisted) =================

S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)

S4 Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com)

S2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)

S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)

S2 lxcy_device; C:\Windows\system32\lxcycoms.exe [537520 2006-11-29] ( )

S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)

S4 Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)

S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1528672 2012-05-29] (TuneUp Software)

S2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-05-08] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130502.001\BHDrvx86.sys [1000024 2013-04-12] (Symantec Corporation)

S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1403010.016\ccSetx86.sys [134304 2012-11-15] (Symantec Corporation)

S1 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)

S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-11] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-08-11] (Symantec Corporation)

S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [159232 2007-02-22] (Conexant Systems Inc.)

S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130517.001\IDSvix86.sys [386720 2012-10-16] (Symantec Corporation)

S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130517.025\NAVENG.SYS [93296 2013-02-28] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130517.025\NAVEX15.SYS [1603824 2013-02-28] (Symantec Corporation)

S3 SRTSP; C:\Windows\System32\Drivers\NIS\1403010.016\SRTSP.SYS [602712 2013-01-28] (Symantec Corporation)

S1 SRTSPX; C:\Windows\system32\drivers\NIS\1403010.016\SRTSPX.SYS [32344 2013-01-28] (Symantec Corporation)

S0 SymDS; C:\Windows\System32\drivers\NIS\1403010.016\SYMDS.SYS [367704 2013-01-21] (Symantec Corporation)

S0 SymEFA; C:\Windows\System32\drivers\NIS\1403010.016\SYMEFA.SYS [934488 2013-01-30] (Symantec Corporation)

S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2012-10-17] (Symantec Corporation)

S1 SymIRON; C:\Windows\system32\drivers\NIS\1403010.016\Ironx86.SYS [175264 2012-11-15] (Symantec Corporation)

S1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1403010.016\SYMTDIV.SYS [350368 2013-01-30] (Symantec Corporation)

S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-08-10] (TuneUp Software)

S3 Afc; system32\drivers\Afc.sys [x]

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S3 catchme; \??\C:\Users\EDANDS~1\AppData\Local\Temp\catchme.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-18 09:58 - 2013-05-18 09:58 - 00000000 ____D C:\FRST

2013-05-17 12:42 - 2013-05-17 12:42 - 00000233 ____A C:\Users\Ed and Sue\Desktop\REPAIR.BAT

2013-05-16 13:01 - 2013-05-16 13:01 - 00002588 ____A C:\Users\Ed and Sue\Desktop\FSS.txt

2013-05-16 12:59 - 2013-05-16 12:59 - 00354299 ____A (Farbar) C:\Users\Ed and Sue\Desktop\FSS.exe

2013-05-16 06:21 - 2013-05-16 06:21 - 00000000 ____D C:\Users\Ed and Sue\Desktop\backups

2013-05-16 06:09 - 2013-05-16 06:09 - 00003182 ____A C:\Users\Ed and Sue\Desktop\gringo email of thursday 5 16 2013.txt

2013-05-16 06:05 - 2013-05-17 12:50 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics

2013-05-16 06:04 - 2013-05-16 06:04 - 00001472 ____A C:\Windows\PFRO.log

2013-05-15 21:15 - 2013-05-16 06:12 - 00008776 ____A C:\Users\Ed and Sue\Desktop\hijackthis.log

2013-05-15 21:13 - 2013-05-15 21:13 - 00388608 ____A (Trend Micro Inc.) C:\Users\Ed and Sue\Desktop\HijackThis.exe

2013-05-15 20:40 - 2013-05-15 20:40 - 00001892 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-05-15 20:40 - 2013-05-15 20:40 - 00001892 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk

2013-05-15 20:40 - 2013-05-15 20:40 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-05-15 20:40 - 2013-05-15 20:40 - 00000000 ____D C:\Program Files\Adobe

2013-05-15 19:36 - 2013-05-17 06:21 - 00001057 ____A C:\Users\Ed and Sue\Desktop\Revo Uninstaller.lnk

2013-05-15 19:36 - 2013-05-17 06:21 - 00000000 ____D C:\Program Files\VS Revo Group

2013-05-15 19:35 - 2013-05-15 19:35 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Ed and Sue\Desktop\revosetup.exe

2013-05-15 19:27 - 2013-05-15 19:27 - 00004650 ____A C:\Users\Ed and Sue\Desktop\GRINGO HELP PAGE THREE ON 5 15 2013 AT 11_28 PM EDST.txt

2013-05-15 18:24 - 2013-05-15 18:24 - 00009947 ____A C:\ComboFix.txt

2013-05-15 16:02 - 2013-05-15 16:02 - 00001284 ____A C:\Users\Ed and Sue\Desktop\DEAR ADMINISTRATOR MAY 15 2013.txt

2013-05-15 14:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2013-05-15 14:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2013-05-15 14:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-05-15 14:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-05-15 14:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-05-15 14:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2013-05-15 14:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2013-05-15 14:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2013-05-15 14:30 - 2013-05-15 18:24 - 00000000 ____D C:\Qoobox

2013-05-15 14:30 - 2013-05-15 14:54 - 00000000 ____D C:\Windows\erdnt

2013-05-15 14:28 - 2013-05-15 14:28 - 05066276 ____R (Swearware) C:\Users\Ed and Sue\Desktop\ComboFix.exe

2013-05-15 14:25 - 2013-05-15 14:25 - 00001677 ____A C:\Users\Ed and Sue\Desktop\GRINGO MALEWAREBYTES HELP PAGE TWO.txt

2013-05-15 05:21 - 2013-05-15 05:21 - 00002853 ____A C:\Users\Ed and Sue\Desktop\JRT.txt

2013-05-15 05:11 - 2013-05-15 05:11 - 00000000 ____D C:\Windows\ERUNT

2013-05-15 05:11 - 2013-05-15 05:11 - 00000000 ____D C:\JRT

2013-05-14 21:13 - 2013-05-14 21:14 - 00004054 ____A C:\AdwCleaner[s1].txt

2013-05-14 21:06 - 2013-05-14 21:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Ed and Sue\Desktop\JRT.exe

2013-05-14 21:04 - 2013-05-14 21:04 - 00628743 ____A C:\Users\Ed and Sue\Desktop\AdwCleaner.exe

2013-05-14 21:01 - 2013-05-14 21:01 - 00003779 ____A C:\Users\Ed and Sue\Desktop\GRINGO MALEWAREBYTES HELP PAGE ONE.txt

2013-05-14 13:56 - 2013-05-14 13:56 - 00013164 ____A C:\Users\Ed and Sue\Desktop\dds.txt

2013-05-14 13:56 - 2013-05-14 13:56 - 00011189 ____A C:\Users\Ed and Sue\Desktop\attach.txt

2013-05-14 13:44 - 2013-05-14 13:53 - 00688992 ____R (Swearware) C:\Users\Ed and Sue\Desktop\dds.scr

2013-05-09 09:56 - 2013-05-09 09:56 - 00001012 ____A C:\Users\Administrator\My Documents\cc_20130509_135606.reg

2013-05-09 09:56 - 2013-05-09 09:56 - 00001012 ____A C:\Users\Administrator\Documents\cc_20130509_135606.reg

2013-05-09 09:25 - 2013-05-09 09:25 - 00000000 ____D C:\Users\Administrator\Application Data\Malwarebytes

2013-05-09 09:25 - 2013-05-09 09:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes

2013-05-09 09:16 - 2013-05-09 09:16 - 00000949 ____A C:\Users\Administrator\Desktop\Internet Explorer.lnk

2013-05-09 09:16 - 2013-05-09 09:16 - 00000000 ____D C:\Users\Administrator\Application Data\Norton Utilities 14

2013-05-09 09:16 - 2013-05-09 09:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Norton Utilities 14

2013-05-09 08:55 - 2013-05-09 08:55 - 00094144 ____A C:\Users\Administrator\Local Settings\GDIPFONTCACHEV1.DAT

2013-05-09 08:55 - 2013-05-09 08:55 - 00094144 ____A C:\Users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-05-09 08:55 - 2013-05-09 08:55 - 00094144 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\UtilityChest_49

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\IAC

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\Google

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\UtilityChest_49

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\IAC

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Google

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Application Data\Macromedia

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Application Data\Google

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Application Data\Adobe

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\UtilityChest_49

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\IAC

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google

2013-05-08 16:55 - 2013-05-08 16:55 - 00000000 ____D C:\Users\Administrator\Application Data\TuneUp Software

2013-05-08 16:55 - 2013-05-08 16:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software

2013-05-08 16:50 - 2013-05-09 10:14 - 00000000 ____D C:\users\Administrator

2013-05-08 16:50 - 2013-05-08 16:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini

2013-05-08 16:50 - 2011-03-02 05:45 - 00000000 ____D C:\Users\Administrator\Application Data\Mozilla

2013-05-08 16:50 - 2011-03-02 05:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla

2013-05-08 16:50 - 2010-03-06 07:17 - 00000000 ____D C:\Users\Administrator\Local Settings\Microsoft Help

2013-05-08 16:50 - 2010-03-06 07:17 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Microsoft Help

2013-05-08 16:50 - 2010-03-06 07:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help

2013-05-08 15:38 - 2013-05-08 15:38 - 00000000 ____D C:\Program Files\UtilityChest_49

2013-05-08 14:36 - 2013-05-08 15:25 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\NPE

2013-05-08 14:36 - 2013-05-08 15:25 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\Application Data\NPE

2013-05-08 14:36 - 2013-05-08 15:25 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\NPE

2013-05-08 13:29 - 2013-05-08 13:29 - 00002008 ____A C:\Users\Ed and Sue\My Documents\cc_20130508_172922.reg

2013-05-08 13:29 - 2013-05-08 13:29 - 00002008 ____A C:\Users\Ed and Sue\Documents\cc_20130508_172922.reg

2013-05-08 08:14 - 2013-05-08 08:14 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-08 08:14 - 2013-05-08 08:14 - 00000906 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\Users\Ed and Sue\Application Data\Malwarebytes

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\Malwarebytes

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-05-08 08:14 - 2013-04-04 10:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-05-05 18:03 - 2013-05-05 18:03 - 00000229 ____A C:\Users\Ed and Sue\Desktop\Restaurant.com Dining Certificate.url

2013-05-04 17:26 - 2013-05-04 17:26 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-04 17:26 - 2013-05-04 17:26 - 00000804 ____A C:\ProgramData\Desktop\CCleaner.lnk

2013-05-04 17:26 - 2013-05-04 17:26 - 00000000 ____D C:\Program Files\CCleaner

2013-04-21 07:20 - 2013-04-21 07:20 - 00001173 ____A C:\Users\Ed and Sue\Desktop\Norton Internet Security - Shortcut (2).lnk

2013-04-18 07:16 - 2013-04-18 07:16 - 00000000 ____D C:\Users\Ed and Sue\Application Data\InstallShield

2013-04-18 07:16 - 2013-04-18 07:16 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\InstallShield

2013-04-18 07:15 - 2013-04-18 07:15 - 00000000 ____D C:\Users\Ed and Sue\My Documents\TurboTax

2013-04-18 07:15 - 2013-04-18 07:15 - 00000000 ____D C:\Users\Ed and Sue\Documents\TurboTax

2013-04-18 07:15 - 2013-04-18 07:15 - 00000000 ____D C:\Users\Ed and Sue\Application Data\Intuit

2013-04-18 07:15 - 2013-04-18 07:15 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\Intuit

==================== One Month Modified Files and Folders ========

2013-05-18 09:58 - 2013-05-18 09:58 - 00000000 ____D C:\FRST

2013-05-18 05:45 - 2010-01-07 00:40 - 01319877 ____A C:\Windows\WindowsUpdate.log

2013-05-18 05:45 - 2006-11-02 04:58 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-05-18 05:45 - 2006-11-02 04:58 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-18 05:45 - 2006-11-02 04:45 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-18 05:45 - 2006-11-02 04:45 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-18 05:36 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-18 05:34 - 2012-11-29 21:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-18 05:29 - 2011-03-13 17:46 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-05-17 12:50 - 2013-05-16 06:05 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics

2013-05-17 12:50 - 2011-03-13 17:46 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-05-17 12:50 - 2010-01-13 11:54 - 00080554 ____A C:\ProgramData\nvModes.dat

2013-05-17 12:50 - 2010-01-13 11:54 - 00080554 ____A C:\ProgramData\nvModes.001

2013-05-17 12:50 - 2010-01-13 11:54 - 00080554 ____A C:\ProgramData\Application Data\nvModes.dat

2013-05-17 12:50 - 2010-01-13 11:54 - 00080554 ____A C:\ProgramData\Application Data\nvModes.001

2013-05-17 12:42 - 2013-05-17 12:42 - 00000233 ____A C:\Users\Ed and Sue\Desktop\REPAIR.BAT

2013-05-17 06:21 - 2013-05-15 19:36 - 00001057 ____A C:\Users\Ed and Sue\Desktop\Revo Uninstaller.lnk

2013-05-17 06:21 - 2013-05-15 19:36 - 00000000 ____D C:\Program Files\VS Revo Group

2013-05-16 13:01 - 2013-05-16 13:01 - 00002588 ____A C:\Users\Ed and Sue\Desktop\FSS.txt

2013-05-16 12:59 - 2013-05-16 12:59 - 00354299 ____A (Farbar) C:\Users\Ed and Sue\Desktop\FSS.exe

2013-05-16 12:14 - 2012-09-18 18:45 - 00001356 ____A C:\Users\Ed and Sue\Local Settings\d3d9caps.dat

2013-05-16 12:14 - 2012-09-18 18:45 - 00001356 ____A C:\Users\Ed and Sue\Local Settings\Application Data\d3d9caps.dat

2013-05-16 12:14 - 2012-09-18 18:45 - 00001356 ____A C:\Users\Ed and Sue\AppData\Local\d3d9caps.dat

2013-05-16 06:21 - 2013-05-16 06:21 - 00000000 ____D C:\Users\Ed and Sue\Desktop\backups

2013-05-16 06:12 - 2013-05-15 21:15 - 00008776 ____A C:\Users\Ed and Sue\Desktop\hijackthis.log

2013-05-16 06:09 - 2013-05-16 06:09 - 00003182 ____A C:\Users\Ed and Sue\Desktop\gringo email of thursday 5 16 2013.txt

2013-05-16 06:05 - 2011-02-26 14:34 - 00000245 ____A C:\ProgramData\hpqp.ini

2013-05-16 06:05 - 2011-02-26 14:34 - 00000245 ____A C:\ProgramData\Application Data\hpqp.ini

2013-05-16 06:04 - 2013-05-16 06:04 - 00001472 ____A C:\Windows\PFRO.log

2013-05-15 21:13 - 2013-05-15 21:13 - 00388608 ____A (Trend Micro Inc.) C:\Users\Ed and Sue\Desktop\HijackThis.exe

2013-05-15 20:54 - 2012-06-10 18:49 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\CrashDumps

2013-05-15 20:54 - 2012-06-10 18:49 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\Application Data\CrashDumps

2013-05-15 20:54 - 2012-06-10 18:49 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\CrashDumps

2013-05-15 20:45 - 2012-04-01 10:23 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-05-15 20:45 - 2011-05-16 05:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-05-15 20:45 - 2007-01-20 01:27 - 00000000 ____D C:\ProgramData\Application Data\Adobe

2013-05-15 20:45 - 2007-01-20 01:27 - 00000000 ____D C:\ProgramData\Adobe

2013-05-15 20:40 - 2013-05-15 20:40 - 00001892 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2013-05-15 20:40 - 2013-05-15 20:40 - 00001892 ____A C:\ProgramData\Desktop\Adobe Reader X.lnk

2013-05-15 20:40 - 2013-05-15 20:40 - 00000000 ____D C:\Program Files\Common Files\Adobe

2013-05-15 20:40 - 2013-05-15 20:40 - 00000000 ____D C:\Program Files\Adobe

2013-05-15 19:49 - 2007-01-20 01:55 - 00000000 ____D C:\Program Files\Common Files\Java

2013-05-15 19:40 - 2012-06-10 18:56 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\Application Data\Adobe

2013-05-15 19:40 - 2012-06-10 18:56 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\Adobe

2013-05-15 19:40 - 2012-06-10 18:56 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\Adobe

2013-05-15 19:35 - 2013-05-15 19:35 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Ed and Sue\Desktop\revosetup.exe

2013-05-15 19:27 - 2013-05-15 19:27 - 00004650 ____A C:\Users\Ed and Sue\Desktop\GRINGO HELP PAGE THREE ON 5 15 2013 AT 11_28 PM EDST.txt

2013-05-15 18:24 - 2013-05-15 18:24 - 00009947 ____A C:\ComboFix.txt

2013-05-15 18:24 - 2013-05-15 14:30 - 00000000 ____D C:\Qoobox

2013-05-15 18:21 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini

2013-05-15 16:02 - 2013-05-15 16:02 - 00001284 ____A C:\Users\Ed and Sue\Desktop\DEAR ADMINISTRATOR MAY 15 2013.txt

2013-05-15 14:56 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public

2013-05-15 14:56 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Default

2013-05-15 14:54 - 2013-05-15 14:30 - 00000000 ____D C:\Windows\erdnt

2013-05-15 14:28 - 2013-05-15 14:28 - 05066276 ____R (Swearware) C:\Users\Ed and Sue\Desktop\ComboFix.exe

2013-05-15 14:25 - 2013-05-15 14:25 - 00001677 ____A C:\Users\Ed and Sue\Desktop\GRINGO MALEWAREBYTES HELP PAGE TWO.txt

2013-05-15 05:21 - 2013-05-15 05:21 - 00002853 ____A C:\Users\Ed and Sue\Desktop\JRT.txt

2013-05-15 05:11 - 2013-05-15 05:11 - 00000000 ____D C:\Windows\ERUNT

2013-05-15 05:11 - 2013-05-15 05:11 - 00000000 ____D C:\JRT

2013-05-14 21:14 - 2013-05-14 21:13 - 00004054 ____A C:\AdwCleaner[s1].txt

2013-05-14 21:06 - 2013-05-14 21:06 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Ed and Sue\Desktop\JRT.exe

2013-05-14 21:04 - 2013-05-14 21:04 - 00628743 ____A C:\Users\Ed and Sue\Desktop\AdwCleaner.exe

2013-05-14 21:01 - 2013-05-14 21:01 - 00003779 ____A C:\Users\Ed and Sue\Desktop\GRINGO MALEWAREBYTES HELP PAGE ONE.txt

2013-05-14 13:56 - 2013-05-14 13:56 - 00013164 ____A C:\Users\Ed and Sue\Desktop\dds.txt

2013-05-14 13:56 - 2013-05-14 13:56 - 00011189 ____A C:\Users\Ed and Sue\Desktop\attach.txt

2013-05-14 13:53 - 2013-05-14 13:44 - 00688992 ____R (Swearware) C:\Users\Ed and Sue\Desktop\dds.scr

2013-05-09 10:14 - 2013-05-08 16:50 - 00000000 ____D C:\users\Administrator

2013-05-09 10:14 - 2012-06-09 11:26 - 00000000 ____D C:\users\Ed and Sue

2013-05-09 09:58 - 2006-11-02 02:22 - 49807360 ____A C:\Windows\System32\config\software.rmbak

2013-05-09 09:58 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default.rmbak

2013-05-09 09:56 - 2013-05-09 09:56 - 00001012 ____A C:\Users\Administrator\My Documents\cc_20130509_135606.reg

2013-05-09 09:56 - 2013-05-09 09:56 - 00001012 ____A C:\Users\Administrator\Documents\cc_20130509_135606.reg

2013-05-09 09:25 - 2013-05-09 09:25 - 00000000 ____D C:\Users\Administrator\Application Data\Malwarebytes

2013-05-09 09:25 - 2013-05-09 09:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes

2013-05-09 09:25 - 2012-03-05 12:22 - 36433920 ____A C:\Windows\System32\config\components.rrr

2013-05-09 09:18 - 2010-03-12 13:52 - 00000000 ____D C:\Program Files\Norton Utilities 14

2013-05-09 09:16 - 2013-05-09 09:16 - 00000949 ____A C:\Users\Administrator\Desktop\Internet Explorer.lnk

2013-05-09 09:16 - 2013-05-09 09:16 - 00000000 ____D C:\Users\Administrator\Application Data\Norton Utilities 14

2013-05-09 09:16 - 2013-05-09 09:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Norton Utilities 14

2013-05-09 08:55 - 2013-05-09 08:55 - 00094144 ____A C:\Users\Administrator\Local Settings\GDIPFONTCACHEV1.DAT

2013-05-09 08:55 - 2013-05-09 08:55 - 00094144 ____A C:\Users\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2013-05-09 08:55 - 2013-05-09 08:55 - 00094144 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\UtilityChest_49

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\IAC

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\Google

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\UtilityChest_49

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\IAC

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Local Settings\Application Data\Google

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Application Data\Macromedia

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Application Data\Google

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\Application Data\Adobe

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\UtilityChest_49

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\IAC

2013-05-09 08:54 - 2013-05-09 08:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google

2013-05-08 16:55 - 2013-05-08 16:55 - 00000000 ____D C:\Users\Administrator\Application Data\TuneUp Software

2013-05-08 16:55 - 2013-05-08 16:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software

2013-05-08 16:52 - 2011-09-07 15:32 - 00000000 ____D C:\Program Files\lx_cats

2013-05-08 16:50 - 2013-05-08 16:50 - 00000020 ___SH C:\Users\Administrator\ntuser.ini

2013-05-08 15:38 - 2013-05-08 15:38 - 00000000 ____D C:\Program Files\UtilityChest_49

2013-05-08 15:25 - 2013-05-08 14:36 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\NPE

2013-05-08 15:25 - 2013-05-08 14:36 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\Application Data\NPE

2013-05-08 15:25 - 2013-05-08 14:36 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\NPE

2013-05-08 13:29 - 2013-05-08 13:29 - 00002008 ____A C:\Users\Ed and Sue\My Documents\cc_20130508_172922.reg

2013-05-08 13:29 - 2013-05-08 13:29 - 00002008 ____A C:\Users\Ed and Sue\Documents\cc_20130508_172922.reg

2013-05-08 08:14 - 2013-05-08 08:14 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-08 08:14 - 2013-05-08 08:14 - 00000906 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\Users\Ed and Sue\Application Data\Malwarebytes

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\Malwarebytes

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\ProgramData\Application Data\Malwarebytes

2013-05-08 08:14 - 2013-05-08 08:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-05-05 18:03 - 2013-05-05 18:03 - 00000229 ____A C:\Users\Ed and Sue\Desktop\Restaurant.com Dining Certificate.url

2013-05-04 17:26 - 2013-05-04 17:26 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-05-04 17:26 - 2013-05-04 17:26 - 00000804 ____A C:\ProgramData\Desktop\CCleaner.lnk

2013-05-04 17:26 - 2013-05-04 17:26 - 00000000 ____D C:\Program Files\CCleaner

2013-05-04 17:26 - 2007-01-20 00:32 - 00000000 ____D C:\Windows\panther

2013-04-21 07:48 - 2011-02-26 21:11 - 00000078 ____A C:\Windows\WSOPDELX.INI

2013-04-21 07:20 - 2013-04-21 07:20 - 00001173 ____A C:\Users\Ed and Sue\Desktop\Norton Internet Security - Shortcut (2).lnk

2013-04-21 07:14 - 2013-01-02 15:52 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\Google

2013-04-21 07:14 - 2013-01-02 15:52 - 00000000 ____D C:\Users\Ed and Sue\Local Settings\Application Data\Google

2013-04-21 07:14 - 2013-01-02 15:52 - 00000000 ____D C:\Users\Ed and Sue\AppData\Local\Google

2013-04-21 07:14 - 2010-12-03 16:00 - 00000000 ____D C:\Program Files\Google

2013-04-18 07:16 - 2013-04-18 07:16 - 00000000 ____D C:\Users\Ed and Sue\Application Data\InstallShield

2013-04-18 07:16 - 2013-04-18 07:16 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\InstallShield

2013-04-18 07:16 - 2010-03-28 09:06 - 00005345 ____A C:\Windows\Instlog.lyt

2013-04-18 07:15 - 2013-04-18 07:15 - 00000000 ____D C:\Users\Ed and Sue\My Documents\TurboTax

2013-04-18 07:15 - 2013-04-18 07:15 - 00000000 ____D C:\Users\Ed and Sue\Documents\TurboTax

2013-04-18 07:15 - 2013-04-18 07:15 - 00000000 ____D C:\Users\Ed and Sue\Application Data\Intuit

2013-04-18 07:15 - 2013-04-18 07:15 - 00000000 ____D C:\Users\Ed and Sue\AppData\Roaming\Intuit

Other Malware:

===========

C:\ProgramData\nvModes.dat

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-12 09:15:20

Restore point made on: 2013-05-14 17:09:50

Restore point made on: 2013-05-15 16:51:17

Restore point made on: 2013-05-15 19:32:12

Restore point made on: 2013-05-15 19:32:48

Restore point made on: 2013-05-15 19:33:30

Restore point made on: 2013-05-15 19:34:20

Restore point made on: 2013-05-15 19:38:52

Restore point made on: 2013-05-15 19:47:58

Restore point made on: 2013-05-15 19:48:19

Restore point made on: 2013-05-15 19:57:47

Restore point made on: 2013-05-15 20:02:41

Restore point made on: 2013-05-15 20:02:59

Restore point made on: 2013-05-15 20:47:56

Restore point made on: 2013-05-15 20:49:13

Restore point made on: 2013-05-16 09:34:36

Restore point made on: 2013-05-17 06:22:47

Restore point made on: 2013-05-17 06:23:13

Restore point made on: 2013-05-17 07:39:14

Restore point made on: 2013-05-17 20:00:21

==================== Memory info ===========================

Percentage of memory in use: 24%

Total physical RAM: 1982 MB

Available physical RAM: 1505.17 MB

Total Pagefile: 1718.75 MB

Available Pagefile: 1567.11 MB

Total Virtual: 2047.88 MB

Available Virtual: 1976.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:86.98 GB) (Free:41.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (PRESARIO_RP) (Fixed) (Total:6.17 GB) (Free:0.47 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 93 GB) (Disk ID: B90883C0)

Partition 1: (Active) - (Size=87 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=6 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition 1: (Active) - (Size=4 GB) - (Type=0C)

Last Boot: 2013-05-18 00:57

==================== End Of Log ============================

I await your next instruction. thanks, srrsue sat. 5/18/13 at 10:12 am edst


  • Staff

Hello srrsue

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

 
C:\ProgramData\nvModes.dat

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo


Hi Gringo....I did what you said...here is the log ...I rebooted in NORMAL mode and it went through the Stage 3 of 3 regime all over again....got the same error 80070002 when I went to see if I could do MS updates...so nothing has changed that I can detect. I await your next instructions. thanks, srrsue saturday may 18, 2013 at 7:12 pm edst

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-05-2013

Ran by SYSTEM at 2013-05-18 18:05:26 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

C:\ProgramData\nvModes.dat => Moved successfully.

==== End of Fixlog ====


  • Staff

Windows Update problem fix

You must use Internet Explorer to perform Windows-Microsoft Updates.

Create batch file to re-register ...dll's

  1. Open Notepad... Copy and paste the following command lines into the Notepad window.
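    @echo off
    rem Re-register the Windows Update client DLLs. /s runs regsvr32 silently,
    rem so a DLL that does not exist on this Windows version fails without a prompt.
    regsvr32 /s wuapi.dll
    regsvr32 /s wuaueng.dll
    regsvr32 /s wucltui.dll
    regsvr32 /s wups.dll
    regsvr32 /s wups2.dll
    regsvr32 /s wuwebv.dll
    regsvr32 /s wucltux.dll
    regsvr32 /s wudriver.dll
    regsvr32 /s wuweb.dll
    regsvr32 /s wuaueng1.dll
    rem Restart the Windows Update and Cryptographic services.
    net stop wuauserv
    net stop cryptsvc
    net start wuauserv
    net start cryptsvc
    rem Delete this batch file once it has run.
    del %0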


  2. Save the Notepad file on your desktop...as WUFix.bat... Save as type: = "All Files" (otherwise the file won't work.)
    WUFix.bat <<------------- you should see this (XP only) on your desktop.
  3. Double click on WUFix.bat to execute it.
    Vista / W7 users: Right click on WUFix.bat, select "Run As Administrator" to execute it.
    A black CMD window will flash, then disappear...this is normal.
  4. Using Internet Explorer, try Windows-Microsoft Update again.
    Vista / W7 users: Close IE, then restart IE by Right-clicking the Internet Explorer (Start Menu or Quick Launch Bar) icon... select "Run As Administrator", then try Windows-Microsoft Update again.


Hi Gringo...I did the WUFix.bat instruction as you directed and then launched IE as you said and then ran IE as administrator as you said and then TRIED the MS update and got the same old, same old error code 8007002. I then rebooted the computer, signed on as administrator, and replicated what I said I did above, and again...no success....just another code 8007002 all over again. I await your next instruction. Thanks Gringo for your continued help on this. srrsue Sunday May 19, 2013 at 11:55 am edst


Hi Gringo.....I don't know what you mean by what update is causing the error.... ..NO update is causing this error ! When I went in and clicked on WINDOWS UPDATE as you directed in #4 in your 10:06 pm (post #29 above). My SYSTEM is not allowing me to do any update AT ALL.....it just keeps trying and trying to access the update, then it finally comes to a stop...and ......it just says that an UPDATE CANNOT BE DONE and it gives me an error code 8007002. Since you have begun helping me with these problems....I have noted I keep getting a pop up that tells me that Internet Explorer has STOPPED WORKING....and Microsoft will notify me if a solution becomes available !! I just went on line a few minutes ago...and went to www.yahoo.com and got this same IE error message...THEN...a pop up came on and it said: DEP was going to shut down this program (meaning: www.yahoo.com) and I clicked on the EXPLANATION BOX and here is what I found:

What is Data Execution Prevention?

Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. These types of attacks can harm your programs and files.

DEP can help protect your computer by monitoring your programs to make sure that they use system memory safely. If DEP notices a program on your computer using memory incorrectly, it closes the program and notifies you.

See also

Data Execution Prevention: frequently asked questions

Change Data Execution Prevention settings


Data Execution Prevention: frequently asked questions

Here are answers to some common questions about Data Execution Prevention (DEP).

What is DEP?

DEP is a security feature that can help prevent damage to your computer from viruses and other security threats. DEP can help protect your computer by monitoring programs to make sure they use system memory safely. If a program tries running (also known as executing) code from memory in an incorrect way, DEP closes the program.

Which programs does DEP monitor?

DEP automatically monitors essential Windows programs and services. You can increase your protection by having DEP monitor all programs. To increase DEP protection, see Change Data Execution Prevention settings.

Is it safe to run a program again if DEP has closed it?

Yes, but only if you leave DEP turned on for that program so that Windows can continue to detect attempts to run code from protected memory locations and help prevent attacks.

If DEP keeps closing the same program, is my computer under attack?

If you are using the recommended security settings and your antivirus software did not detect a threat, your computer is probably not under attack. In this case, the program might not run correctly when DEP is turned on. Check for a DEP-compatible version of the program or an update from the software publisher before you change any DEP settings.

How can I prevent DEP from closing a program I trust?

First, see if a DEP-compatible version of the program is available by visiting the software publisher's website. If the publisher has not released an updated, DEP-compatible version of the program, you can turn off DEP for the program that was closed. You will be able to use the program, but it might be vulnerable to an attack that could spread to your other programs and files.

If you choose to turn off DEP for a program, it's a good idea to check frequently for an updated version of the program and, after you update it, to turn on DEP again. To turn off DEP for a program, see Change Data Execution Prevention settings.

What should I do if DEP is closing a program that’s part of Windows, such as svchost.exe or explorer.exe?

The svchost.exe and explorer.exe programs are parts of the Windows operating system. If DEP closes them or other Windows services, the cause could be smaller programs, such as extensions, that are created by other software publishers and that operate inside Windows. If you have recently installed a program and notice DEP closing Windows-based programs, check with the software publisher to see if there is an updated, DEP-compatible version available, or try uninstalling the program.

If my DEP settings indicate that my computer’s processor does not support hardware-based DEP, am I still protected?

Yes. DEP is a software-based feature of Windows. Some computer processors also provide hardware-based DEP under various names. These processors use hardware technology to prevent programs from running code in protected memory locations. If your processor does not support hardware-based DEP, Windows will use software-based DEP to help protect your computer.


Gringo...I have NEVER seen this pop up before !! Now that I read that you say that the WINDOWS UPDATE has to be made through the INTERNET EXPLORER....I am wondering if I have a CORRUPTED internet explorer on my PC ?? I told you earlier that I have IE 8 that I "reverted back to" when I uninstalled IE 9 as I was having so many problems with IE 9 - so now, can you tell me whether you can counsel me HOW TO uninstall my IE8 and then REINSTALL it...or how do I go about seeing if my entire problem with UPDATE INABILITY traces back to a corrupt installation of Internet Explorer. I have never used another BROWSER. Is there a way to uninstall IE8 and then somehow make use of another browser, like google chrome or firefox - and then eventually reinstall IE8 or IE9 or IE10 to get my Windows Update working again ? I will leave it to you, the expert Gringo, to tell me what to do next, as I am just grasping at straws here as to how to get my PC to process the Window Updates that seemingly have not been loading since January, 2012. I wouldn't even have thought that was possible...is it ? Let me know what to do next Gringo...thanks, srrsue Sunday 5/19/2013 at 3:35 pm edst


  • Staff

Download Windows Repair (all in one) from here.

Install the program then run

Go to step 3 and allow it to run SFC


On the start repairs tab click start


Select the following items and tick restart system when finished

Reset Registry Permissions

Reset File Permissions

Register System Files

Repair WMI

Repair Windows Firewall

Repair Internet Explorer

Repair Hosts File

Remove Policies Set By Infections

Repair Missing Start menu Icons

Repair Icons

Repair Winsock & DNS Cache

Remove Temp Files

Repair Proxy Settings

Unhide Non System Files

Repair Windows Updates

Set windows Services To Default

Repair MSI (windows Installer)

Repair File Associations

Repair windows Safe mode

After that come back and tell me if that has made a difference.

Gringo


Hi Gringo...THINGS HAVE NOT GONE WELL FOR MY PC - I am NOW contacting you through my husband's desktop PC as MY LAPTOP PC IS CAUGHT IN A VICIOUS LOOP !! I did what you said and ran the Windows Repair and ticked off 37 of the 39 offered items (only two NOT ticked were REPAIR WINDOW SNIPPING TOOLS and REPAIR WINDOW SIDEBAR/GADGETS). It took over 2 hours to run them all and I hit RESTART when it was finished. My PC went through a NORMAL reboot...then I tried to do a Windows Update and ended up with an ERROR CODE 80071A90. I then rebooted again after using CCleaner and cleaning my cache. I then tried to do a Windows Update again and THIS TIME..I got a notification that One Important and 8 Optional updates were available !! The one important one was: Windows Malicious Software Removal Tool KB890830, so I checked that off to run, and I checked off SIX of the 8 optional. The two optional I DIDN'T KNOW whether or not to check off were: SILVERLIGHT and Bing Desktop V1.2 - do I need to update either or both....if and when I get ANOTHER chance ? I said START for the Updates...and when they finished..I was told I had to reboot to get them to be installed and activated. I DID THAT. My PC rebooted, then a pop up appeared TELLING ME that my Windows Security Center is turned off !! I ignored this command at this time - Do I eventually need to turn this ON - or do I even need to, since I am running Norton Internet Security and Norton Utilities ? I ran CCleaner again and there were a lot of files in there..so I cleaned them..and REBOOTED my PC. On the Normal reboot...I got a message pop up in the bottom right of my PC saying Windows Updates were available..so I clicked on that message..and it took me to the Windows Update page where it said there were 46 Important updates and 2 optional. The two optional were the same as I stated above..and I DID NOT check them off....but did let the 46 important ones STAY CHECKED and I hit START. 
It took a while for 46 files to update..and again I got that message to REBOOT to install and activate the updates. I DID THAT...and that is when the "loop" started. My screen on reboot said: Stage 1 of 3 - 0% complete AND I DID NOT SEE THE ZERO PERCENT INCREASE, then it changed to Stage 2 of 3 - 0% complete and this percentage never increased and then an error message popped up saying: "UPDATES WERE NOT CONFIGURED CORRECTLY. REVERTING CHANGES. DO NOT TURN OFF YOUR COMPUTER" It has now been 2 1/2 hours..and the little blue circle is still whirring and the message has NOT gone away. So I decided I better contact you on my husband's desktop computer. What do I do NOW to get out of this loop it seems I am in ? I await your new directions Gringo..thanks for your continued help. srrsue monday 5/20/2013 at 12:59 pm edst


Hi Gringo....I did what you said and then tried to do a Windows Update....I saw that 46 important and 3 optional appeared to be ready to update....I ONLY checked off the 46 important. They all seemed to be updating and then at the end of number 46 it said my PC had to be restarted. I clicked OK and it ran through its process...and then a screen came up saying Stage 1 of 3 - 0% complete..and THEN that changed to 50% (which was a new message I had not seen in ages !) and then it jumped to Stage 2 of 3 - 0% complete.......THEN...... that ERROR message I had seen previously popped up: "UPDATES WERE NOT CONFIGURED CORRECTLY. REVERTING CHANGES. DO NOT TURN OFF YOUR COMPUTER" . So I just let that run its course for about 5 minutes and it went back to my regular desktop. I took THIS opportunity to run Norton Internet Security live update, and Norton Utilities 14 (and cleaned my WINDOWS settings, BROWSER settings, PLUGINS (third party software) settings, CUSTOM items and BLEACH the free space.....then also within Norton Utilities I did a CLEAN MY REGISTRY and then DEFRAGMENT MY REGISTRY.....then I ran TUNE - UP 1 CLICK MAINTENANCE, then ran CCleaner....and rebooted....and GOT A NORMAL START UP....with NO ERROR MESSAGES at all !! I then TRIED to do another windows update attempt as it said 46 important and 3 optional....AND THIS TIME when it said I NEEDED TO RESTART to have the updates installed....I booted it.....and got a NORMAL reboot..with NO ERROR messages...I went in to see the INSTALLED UPDATES info..and found the following: INSTALLED UPDATES: yesterday 5/20/13 - 57 items; earlier this week 5/19/13 - 9 items; last week - 5/16/13 - 1 item; a long time ago 1/19/2012 - 304 items !! Only 3 optional updates ARE NOW AVAILABLE, silverlight 6.6mb; windows ie9 for vista 19.1 mb and bing desktop v1.2 - 4.9mb.....DO YOU SUGGEST THAT I NEED TO UPLOAD ANY OR ALL OF THESE GRINGO ? So that is the state of the union now. 
My PC seems to be working now....please let me know the NEXT step(s) you want me to take. thanks for your continued help Gringo !! srrsue tuesday 5/21/2013 at 10:53 am edst


  • Staff

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

  • Programs to remove

    • Adobe Reader 8.3.1
    • Coupon Printer for Windows
    • Java 7 Update 17
    • Java SE Runtime Environment 6
    • JavaFX 2.1.1

  • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs double click on The Program to remove
    • When prompted if you want to uninstall click Yes.
    • Be sure the Moderate option is selected then click Next.
    • The program will run, If prompted again click Yes
    • when the built-in uninstaller is finished click on Next.
    • Once the program has searched for leftovers click Next.
    • Check/tick the bolded items only on the list then click Delete
    • when prompted click on Yes and then on next.
    • put a check on any folders that are found and select delete
    • when prompted select yes then on next
    • Once done click Finish.

Update Adobe reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see You have MBAM installed on the computer - that is great!! it is a very good program! I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Hi Gringo..I followed your instructions and had no problems. IE 8 still seems to be working very slowly and lethargic and I STILL AM GETTING those pop ups that say IE HAS STOPPED WORKING.....then I get a notice that Microsoft will notify me if a solution becomes available !! Do you suggest I need to UPDATE to IE9 or IE 10 ? Here is the MBAM and hijackthis logs. I await your next instruction. thanks, srrsue wednesday 5/22/2013 at 11:32 am edst

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.22.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 8.0.6001.19170

Ed and Sue :: USER-PC [administrator]

5/22/2013 10:46:11 AM

mbam-log-2013-05-22 (10-46-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 263001

Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:30:06 AM, on 5/22/2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19170)

Boot mode: Normal

Running processes:

C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Lexmark 3400 Series\lxcymon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Norton Utilities 14\nu.exe

C:\Users\Ed and Sue\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"

O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-21-936523094-2541983458-908479171-1000\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (User 'user')

O4 - HKUS\S-1-5-21-936523094-2541983458-908479171-500\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Administrator')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O15 - Trusted Zone: http://*.turbotax.com

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: Utility ChestService (UtilityChest_49Service) - COMPANYVERS_NAME - C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8079 bytes
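
An added illustration, not part of any post in this thread and not a HijackThis feature: a short Python triage pass over O2/O3/O23 lines in the format of the log above. It flags entries whose registered file is absent, services with an empty publisher field, and 8.3 short paths; these three flags are review heuristics chosen for this example, not verdicts, and the excerpt is copied from the posted log.

```python
import re
from dataclasses import dataclass

# Excerpt copied from the HijackThis log posted above (not the full log).
LOG_EXCERPT = r"""
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe
O23 - Service: Utility ChestService (UtilityChest_49Service) - COMPANYVERS_NAME - C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# O2 = Browser Helper Objects, O3 = IE toolbars:
#   "<name> - {CLSID} - <dll path> [(file missing)|(no file)]"
COM_LINE = re.compile(
    r"^(?P<section>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O23 = services: "<name> - <publisher> - <exe path>"; publisher may be empty.
SERVICE_LINE = re.compile(
    r"^(?P<section>O23) - Service: (?P<name>.*?) - (?P<publisher>.*?)- "
    r"(?P<target>[A-Za-z]:\\.*)$"
)
MISSING_FILE = re.compile(r"\((?:file missing|no file)\)\s*$")
SHORT_PATH = re.compile(r"~\d+\\")  # 8.3 component such as PROGRA~1\

# Reason strings (hypothetical labels for this example).
ORPHANED = "registration points at a file that is absent"
NO_PUBLISHER = "service binary has an empty publisher field"
SHORT_NAME = "8.3 short path; expand to the long name before judging"


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reasons: list


def triage(log_text):
    """Return a Finding for every O2/O3/O23 line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = COM_LINE.match(line) or SERVICE_LINE.match(line)
        if m is None:
            continue  # other sections (R0, O4, O9, ...) are out of scope here
        fields = m.groupdict()
        target = fields["target"].strip()
        reasons = []
        if MISSING_FILE.search(target):
            reasons.append(ORPHANED)
        if fields["section"] == "O23" and not fields["publisher"].strip():
            reasons.append(NO_PUBLISHER)
        if SHORT_PATH.search(target):
            reasons.append(SHORT_NAME)
        if reasons:
            findings.append(
                Finding(fields["section"], fields["name"], target, reasons)
            )
    return findings


if __name__ == "__main__":
    for f in triage(LOG_EXCERPT):
        print(f"{f.section:<3} {f.name}: {'; '.join(f.reasons)}")
```

An orphaned O2/O3 entry means the registry still lists the add-on although its DLL is gone, which is typical leftover from an uninstall or a removal tool rather than evidence of a live infection.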


  • Staff

Hello srrsue

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737

Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE

Gringo


Hi Gringo - I did what you said. When I rebooted, I got that same old ERROR message I had seen previously popped up: "UPDATES WERE NOT CONFIGURED CORRECTLY. REVERTING CHANGES. DO NOT TURN OFF YOUR COMPUTER" . So I just let that run its course for about 5 minutes and it went to what I think is a NEW HOME PAGE - google.com !! I want yahoo.com as my home page. Also, all my tool bars WENT AWAY - I want the Norton Internet Security and Norton Utilities and Google and Yahoo tool bars BACK and I want those COMMANDS like FILE, EDIT, TOOLS to reappear. What do I need to do to get them back. FAVORITES is one word on the tool bar area and THEY seem to remain intact. When I just went to respond to you, an INTERNET EXPLORER SCRIPT ERROR kept popping up also. I cannot tell you YET if there is any appreciable CHANGE in my PC behavior. The windows update is only saying those THREE optional ones that I told you about above and INSTALLED UPDATES says one yesterday ADOBE READER X 10.1.4 and sixty six earlier this week with the last one in that list dated May 20, 2013. I now await your next instruction. thanks, srrsue thursday may 23, 2013 at 11:23 am edst


  • Staff

Hello

I STILL AM GETTING those pop ups that say IE HAS STOPPED WORKING.....then I get a notice that Microsoft will notify me if a solution becomes available !!

are you still getting this error? - the tool bars you can get back at anytime and the file menu only needs to right click at the top and select menu bar


Hi Gringo - no, I am not getting IE not working errors anymore, just that IE scripts error - I AM STILL IN A VICIOUS LOOP though !! When I restarted my PC it has shown THREE TIMES IN A ROW that 46 new IMPORTANT WINDOWS UPDATES are available and the three optionals. I check off the 46 (by the way, I noted that these NEW 46 updates are "different altogether" from the 66 I told you HAVE ALREADY been updated on my PC. These updates have a lot of the word "vista system" in them.....and they SEEMINGLY load...and then it says RESTART....and I do that and get that recurring ERROR telling me that THE UPDATES HAVE NOT BEEN CONFIGURED PROPERLY and they are REVERTING CHANGES BACK...It is the SAME error I posted for you several times above !! As I said above...THIS HAS HAPPENED THREE TIMES IN A ROW...UPDATE....THEN REVERSION. SO, something is STILL WRONG with continued ability to load UPDATES because of this vicious loop I am in. I did find out how to restore my tool bars back to the way I want them. So, I await your next instruction to clear up this UPDATE caper. thanks for your continued help Gringo....regards, srrsue thursday may 23, 2013 at 4:26 pm edst


Hi Gringo - I just booted up my PC this morning and AGAIN got the notification of 46 Important and 3 Optional windows updates available. I DID NOT TRY TO LOAD them because of the loop problem I have referenced above. I will wait until I hear your next instruction and will not try to do any of the 46 and/or 3 updates. Thanks for your continued assistance and direction. srrsue friday may 24, 2013 at 10:17 am edst


  • Staff

Hello

Let's see if this will fix what is wrong with the updates

Complete Internet Repair

  • Please download Complete Internet Repair (32Bit) and save it to your desktop - http://datumza.com/downloads/
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:
    • Reset Internet Protocol (TCP/IP)
    • Repair Winsock (Reset Catalog)
    • Renew Internet Connections
    • Flush DNS Resolver Cache
    • Repair Internet Explorer 6.0.2900
    • Clear Windows Update History
    • Repair Windows / Automatic Updates
    • Repair SSL / HTTPS / Cryptography
    • Reset Windows Firewall Configuration
    • Restore the default hosts file
    • Repair Workgroup Computers view

  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access

Please let me know if this worked

Gringo


Hi Gringo..I did the complete internet repair..then rebooted...then opened IE and did the windows update button and saw there were 46/3 updates ...so I checked off the 46 (note: THESE were the new ones...with VISTA in the description !) The OLD 67 were STILL IN the INSTALLED EARLIER list..so I ran the 46 important updates...it said a restart was necessary...I did that....and the SAME OLD ERROR popped up saying updates were NOT configured properly and were being REVERTED again...do not turn off your computer...I DID NOT TURN IT OFF...then the regular desktop icons appeared. I check on WINDOWS UPDATE availability..it said ONLY 3 optional were available...I looked at the INSTALLED EARLIER list and it WAS ONLY THE 67 previously installed....so NONE OF THE NEW 46 with a lot of VISTA in the description were there at all !! So the COMPLETE INTERNET REPAIR does not seem like it worked at all.....Please let me know what to try next...do you think I should try to install ONLY the bing bar OPTIONAL update..and see if that takes...or what do you suggest ? Let me know...thanks, srrsue friday may 24, 2013 at 1:45 pm edst


Hi Gringo....I think YOU finally figured it out !! I did as you said and loaded the 49 updates (3 additional showed up as being available) in 6 different "loads" of 3/8/25/5/3/5 at a time....I did the 25 by clicking on the LOW kb updates, as compared to the larger mb updates....I kept updating and restarting and right now my UPDATE AVAILABLE page only says 3 optional...and when I checked the updates installed....all 49 were installed today 5/25/2013 !! So Gringo...I think you did an excellent job of figuring out and FIXING all these capers....and it is indicative of your intellect and will power to surely be an EXPERT malware and virus guru. Please let me know what the next steps are to finalize. thank you very much, srrsue saturday may 25, 2013 at 11:27 am edst


  • Staff

Hello srrsue

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

About Java

  • During the cleaning process if I found that Java was installed I asked for it to be uninstalled. Many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, then you need to install the latest version and make sure to disable it in your web browsers.
    If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.
    Link to download latest version - install Java
    How to disable Java in your web browsers - Disable Java

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them.

Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo


Hi Gringo...I did what you said and did Uninstall combofix and otc cleanit. We had NOT used defogger. I am presently TRYING TO see if there are any new UPDATES....and it seems to keep on running and running for OVER AN HOUR now...this is not usual. I used to get it to run and Updates, important and optional would pop up on the screen in a few minutes. I DON'T KNOW WHAT TO MAKE OF THIS...what should I do ? I am reluctant to close it out until I hear from you. I checked my settings and it is on AUTOMATIC UPDATE at 3 am daily. After I did otc clean it....there are still SEVERAL programs etc. THAT WERE CREATED when you had me do all those steps...for example: revo setup, adwcleaner, JRT, hijack this, tweaking.com, REPAIR and CIntrep - do I manually delete all of these, or do I keep any ? Let me know what to do from this point and if I should be concerned about the UPDATE loop I am in. thanks, srrsue monday may 26, 2013 at 11:15 am edst


Hi Gringo...the microsoft update is STILL running...I just got a POP UP (Problem Reports and Solutions) from windows problem reporting...and it is a LISTING OF 857 ERRORS....the MOST recent dates were may 20th thru may 27th..and the largest listings are entitled: HOST PROCESS FOR WINDOWS SERVICES - WINDOWS UPDATE INSTALLATION PROBLEM (251 errors)....then the next large listing is: INTERNET EXPLORER - Webpage Display Problems (321 errors),,,,,then: WINDOWS MODULES INSTALLER - Cbs Package Servicing Failure, WindowsWcpOtherFailure 3 (268 errors) - so I don't know what THESE ARE ALL ABOUT - and I assume you do and know what I have to do next...I clicked to find out if MICROSOFT found answers for these 857 errors and it came back: No solutions found !! Please check for solutions again later !! WHAT IS THIS ALL ABOUT...thanks for your NEXT instruction. srrsue monday may 27 2013 at 12:33 pm edst


This topic is now closed to further replies.