longbeachlouise Posted June 21, 2013 ID:694023

Hi,

What happened to my topic? Here is the 4th scan, the 2nd full scan results, before I reboot:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carol :: BILL [administrator]

6/20/2013 10:42:59 PM
mbam-log-2013-06-20 (22-42-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206030
Time elapsed: 13 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

************************************** End Report **************************************

Am I in the wrong bulletin board?

Okay, my topic is still here. I thought it was okay to attach a jpeg. Otherwise, I'll post again, without a jpeg attached.
AdvancedSetup (Root Admin) Posted June 21, 2013 ID:694191

Sorry for the mix-up. I replied to you last night but it seems that my post was lost in a maintenance fix.

You should be able to reboot the computer and hopefully we will have caught and stopped it from spreading. If the system does get worse then we may have to use another tool, but let me know how things go please.
longbeachlouise Posted June 21, 2013 ID:694236

Malwarebytes doesn't delete the trojan. Above is scan 3. Here are the first 2 scans:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carol :: BILL [administrator]

6/20/2013 5:50:49 PM
mbam-log-2013-06-20 (17-50-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209274
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Java Auto Update (Backdoor.Bot) -> Data: C:\Users\Carol\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Inject.RRE) -> Bad: (C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd) Good: () -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Carol\AppData\Roaming\Java\Update\Download\Cache\jsheded.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Carol\Local Settings\temp\msavyy.cmd (Trojan.Inject.RRE) -> Delete on reboot.
C:\Users\Carol\AppData\Local\temp\msavyy.cmd (Trojan.Inject.RRE) -> Delete on reboot.

(end)

********************************* End of First Scan [Quick] ****************************************

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carol :: BILL [administrator]

6/20/2013 7:04:34 PM
mbam-log-2013-06-20 (19-04-34).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362437
Time elapsed: 3 hour(s), 20 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Carol\LOCALS~1\Temp\msavyy.cmd -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Carol\AppData\LocalLow\3B5C.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.

(end)

**************************************** End of 2nd Scan [Full] ****************************************

Then I ran the full scan; results in first post. Every time I have to reboot to delete the malware, it appears again on a scan.

Here is the DDS and Attach I ran - sorry I noticed that last night!
AdvancedSetup (Root Admin) Posted June 21, 2013 ID:694239

Please uninstall ALL versions of Java then run the following for me.

Please visit this webpage for instructions on downloading and running ComboFix: How to use ComboFix

Please make sure you disable your security applications before running ComboFix.

Once ComboFix has completed it will produce and open a log file. Please attach that log file to your next reply.

If needed the file can be located here: C:\combofix.txt

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
longbeachlouise Posted June 22, 2013 ID:694325

Hi, I goofed. I ran ComboFix before uninstalling Java. I will uninstall it next, and start over. Here is the ComboFix report, as it currently appears:
longbeachlouise Posted June 22, 2013 ID:694381

Okay, I (1) removed Java, (2) ran ComboFix. Report:
AdvancedSetup (Root Admin) Posted June 22, 2013 ID:694389
I'm going to be in and out most of the weekend but I'll check back with you as soon as I can.

Please go ahead and run the following in the order provided.

STEP 01
Backup the Registry: Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
Please download ERUNT from one of the following links: Link1 | Link2 | Link3
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Double click on erunt-setup.exe to Install ERUNT by following the prompts.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup.
Note: the default location is C:\Windows\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder...
mbar-log.txt and system-log.txt

STEP 03
Please download Junkware Removal Tool to your desktop.
Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message
When completed make sure to re-enable your antivirus

STEP 04
Please download AdwCleaner by Xplode to your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
If prompted by the User Account Control click Yes to allow it to run.
Under Actions click on the Delete button.
Click OK on all prompts.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the entire contents of that logfile to your next reply.
You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 05
Please go here to run the online antivirus scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats', then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.
longbeachlouise Posted June 22, 2013 Author ID:694577
Step 1: Check!
Step 2: Said, No malware found. Here are the logs:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.22.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carol :: BILL [administrator]

6/22/2013 11:08:10 AM
mbar-log-2013-06-22 (11-08-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 209443
Time elapsed: 28 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.900000 GHz
Memory total: 3420446720, free: 1779159040

Downloaded database version: v2013.06.22.05

Initializing...
------------ Kernel report ------------
     06/22/2013 11:07:56
------------ Loaded modules -----------
----------- End -----------
Done!

<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8694fa20
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xffffffff86859b98
Lower Device Driver Name: \Driver\atapi\

<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8694fa20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8694f648, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8694fa20, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85ed54d8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86859b98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>
Device number: 0, partition: 1

<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>
Device number: 0, partition: 1

<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\Windows\system32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!

Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 89488948
Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 211045842
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 211045905  Numsec = 23390640
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 120034123776 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-234421648-234441648)...
Done!
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_63_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
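The partition table the mbar system-log prints above is read straight from the first sector of the disk. As an added example (not code from the forum post or from Malwarebytes' tools), the Python below decodes a 512-byte MBR the same way, builds a sector that carries the values the log reports (disk signature 89488948, an active type-0x7 partition at LBA 63 with 211045842 sectors, a second type-0x7 partition, two empty slots), applies the consistency checks a scanner performs on such a table, and lists the unpartitioned gaps (sectors 1 to 62 here) that anti-rootkit tools read for hidden code. The checks are my own, and the sample sector is constructed.

```python
"""Decode a 512-byte MBR the way an anti-rootkit scanner inspects it.
Added example, not code from the forum post or from Malwarebytes' tools.
SAMPLE_MBR is CONSTRUCTED to carry the values the mbar system-log above reports;
its boot-code area is zero filler, not real boot code."""
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440    # 4-byte Windows disk signature at 0x1B8
PART_TABLE_OFFSET = 446  # four 16-byte partition entries start at 0x1BE
BOOT_SIGNATURE = 0xAA55  # little-endian, so the bytes 55 AA sit at offset 510
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, length

@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def end_lba(self) -> int:
        return self.start_lba + self.num_sectors - 1

def parse_mbr(sector: bytes) -> tuple:
    """Return (disk_signature, [Partition x4]); raise ValueError on what a valid MBR never has."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    (boot_sig,) = struct.unpack_from("<H", sector, 510)
    if boot_sig != BOOT_SIGNATURE:
        raise ValueError("bad boot signature %04X (expected 55AA)" % boot_sig)
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    parts = []
    for i in range(4):
        status, type_id, start, length = struct.unpack_from(ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i)
        if status not in (0x00, 0x80):  # anything else means a corrupt or tampered entry
            raise ValueError("slot %d: invalid status byte %02X" % (i, status))
        parts.append(Partition(i, status == 0x80, type_id, start, length))
    return disk_sig, parts

def sanity_checks(parts: list, disk_sectors: int) -> list:
    """Plain-language warnings about the table; an empty list means nothing looks odd."""
    warnings = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        warnings.append("expected exactly one active partition, found %d" % len(active))
    used = sorted((p for p in parts if p.type_id != 0x00), key=lambda p: p.start_lba)
    for p in used:
        if p.num_sectors == 0:
            warnings.append("partition %d has a type but zero length" % p.index)
        elif p.end_lba >= disk_sectors:
            warnings.append("partition %d runs past the end of the disk" % p.index)
    for a, b in zip(used, used[1:]):
        if a.end_lba >= b.start_lba:
            warnings.append("partitions %d and %d overlap" % (a.index, b.index))
    return warnings

def unpartitioned_ranges(parts: list, disk_sectors: int) -> list:
    """(first, last) sector ranges no partition covers, excluding sector 0 (the MBR itself)."""
    used = sorted((p for p in parts if p.num_sectors), key=lambda p: p.start_lba)
    gaps, cursor = [], 1
    for p in used:
        if p.start_lba > cursor:
            gaps.append((cursor, p.start_lba - 1))
        cursor = max(cursor, p.end_lba + 1)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps

def build_sector(disk_signature: int, entries: list) -> bytes:
    """Assemble a constructed MBR from (active, type_id, start_lba, num_sectors) tuples."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (active, type_id, start, length) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFFSET + 16 * i,
                         0x80 if active else 0x00, type_id, start, length)
    struct.pack_into("<H", sector, 510, BOOT_SIGNATURE)
    return bytes(sector)

# Constructed to mirror the partition table and "Disk Size" printed in the log above.
SAMPLE_MBR = build_sector(0x89488948, [(True, 0x07, 63, 211045842),
                                       (False, 0x07, 211045905, 23390640),
                                       (False, 0x00, 0, 0), (False, 0x00, 0, 0)])
SAMPLE_DISK_SECTORS = 120034123776 // 512  # 234441648 sectors of 512 bytes

if __name__ == "__main__":
    disk_sig, parts = parse_mbr(SAMPLE_MBR)
    print("Disk Signature: %08X" % disk_sig)
    for p in parts:
        print("Partition %d type 0x%X %s LBA %d Numsec %d" % (
            p.index, p.type_id, "ACTIVE" if p.active else "NOT ACTIVE", p.start_lba, p.num_sectors))
    print("Warnings:", sanity_checks(parts, SAMPLE_DISK_SECTORS) or "none")
    print("Unpartitioned ranges:", unpartitioned_ranges(parts, SAMPLE_DISK_SECTORS))
```

The trailing gap the script reports runs from the end of the second partition to the last sector; the log's own scan range (234421648 onward) shows the tool reads a fixed tail of the disk rather than the exact gap.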
longbeachlouise Posted June 22, 2013 Author ID:694581
Step 3: JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista Home Basic x86
Ran by Carol on Sat 06/22/2013 at 12:05:40.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77077FEF-F2EC-462E-BA11-7E6DDEF3F2C6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{77077FEF-F2EC-462E-BA11-7E6DDEF3F2C6}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Carol\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\Carol\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Carol\appdata\local\jetmp3"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/22/2013 at 12:10:41.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
longbeachlouise Posted June 22, 2013 Author ID:694584
Step 4: AdwCleaner:

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 12:23:39
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)
# User : Carol - BILL
# Boot Mode : Normal
# Running from : C:\Users\Carol\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A0E8BC7D-6959-40B6-8E05-204D9768AD6E}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\6j2g9fmw.default-1357757927839\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1241 octets] - [22/06/2013 12:22:47]
AdwCleaner[s1].txt - [1182 octets] - [22/06/2013 12:23:39]

########## EOF - C:\AdwCleaner[s1].txt - [1242 octets] ##########

******************************End of Report**********************************************************

Please view attached screenshots of popup alert on reboot from AdwCleaner (BTW, I clicked, Search, first, then Delete, so added a step.)
longbeachlouise Posted June 23, 2013 Author ID:694702
Hi,
Step 5: ESET
There was one found threat on my computer. What is happening? There is a line through my text, on my screen! The threat had to do with bitcoin something on one of the games I didn't download. But I couldn't see "list of found threats." Okay, I got the line off! I didn't see the link. Is there any way I could get the list of found threats now that ESET scan is over? I didn't disable it from this computer.
AdvancedSetup (Root Admin) Posted June 23, 2013 ID:694711
I'm in and out running around this weekend with limited access to the site, but will check back in on you as soon as I can.

The issue you're having with ERU is that it probably starts from the startup group with limited user rights. You probably need to see if you can right click over the shortcut in the START MENU -> All Programs -> Startup
Inside there should be a shortcut for ERUNT AutoBackup - Right click over it and choose Properties. Then on the "Shortcut" tab click on the Advanced button and make sure there is a check mark on the "Run as administrator" and click OK.
That should stop that error from happening. Restart the computer again and make sure you no longer get that error.

Please run the following and also let me know if there are any other issues you're having or that you're seeing on your computer as related to possible malware.

Next, download Security Check from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Thanks
longbeachlouise Posted June 25, 2013 Author ID:695466
"Inside there should be a shortcut for ERUNT AutoBackup - Right click over it and choose Properties. Then on the "Shortcut" tab click on the Advanced button and make sure there is a check mark on the "Run as administrator" and click OK"
I did that part. Now, I will turn the computer off, and start it in the morning, and let you know! Thanx so much!
AdvancedSetup (Root Admin) Posted June 25, 2013 ID:695467
You're welcome. Please don't forget to run the Security Check as well and post back that log too.

Thanks
longbeachlouise Posted June 28, 2013 Author ID:696527
That worked! The ERNDT message stopped on reboot. Would you be patient with me, because of my spotty schedule? Next is: download and run the security check . . .
AdvancedSetup (Root Admin) Posted June 28, 2013 ID:696688
No problem - we're here as long as it doesn't take too long. Sometimes infections can change and take on a new issue if you wait too long between fixes.
longbeachlouise Posted June 29, 2013 Author ID:696822
Hi, Here is the report for the Security Check:

Results of screen317's Security Check version 0.99.68
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 21.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 17 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
AdvancedSetup (Root Admin) Posted June 29, 2013 ID:696823
Please note the items in red.

Please open Adobe Reader and on the Help menu have it check for updates and apply them after it downloads them.
Same thing for Firefox. Do Help About and there should be an item to check for updates and go ahead and update Firefox.

Otherwise - How is the computer running now and are you still seeing any signs of infection?
longbeachlouise Posted June 29, 2013 Author ID:697036
Hi, My computer seems virus-free, except it is running slow. When I surf the web, sites resolve slowly. I followed your instructions to delete java, but haven't uploaded the new one.
longbeachlouise Posted June 30, 2013 Author ID:697106
Okay, I updated Adobe. My theocratic activities keep me busy until tomorrow evening, or Monday. Talk to you then - thanx!
AdvancedSetup (Root Admin) Posted June 30, 2013 ID:697141
Many things could cause slowness and being on Vista means your computer is quite old now and that was not the fastest system in the first place. You can open a new ticket in the General PC Help forum if you like though and see if someone can assist you with generic PC maintenance issues.
http://forums.malwarebytes.org/index.php?showforum=6

I'll go ahead and close your topic now then since it appears to be clean now. Please read the following to gain more information about your computer and how to keep it safe.

Best Practices for Safe Computing - Prevention of Malware Infection

Thank you
AdvancedSetup (Root Admin) Posted July 3, 2013 ID:698180
Please run the following and let me know what issues remain.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop
Please include the following logs in your next reply as an attachment: DDS.txt and Attach.txt
You can ignore the note about zipping the Attach.txt file

Thanks
longbeachlouise Posted July 3, 2013 Author ID:698238
Here are the attachments you asked for. Also, I added the screen capture of the blocked message, what it said when I right-clicked it, and the popup when I selected and clicked the top option.
dds.txt
Attach.txt
longbeachlouise Posted July 3, 2013 Author ID:698239
Oh. It's Windows Defender.
AdvancedSetup (Root Admin) Posted July 4, 2013 ID:698542
I believe that is the program from ERUNT that I had you install.
c:\program files\erunt\AUTOBACK.EXE

Please click on START - All Programs -> STARTUP and cut/delete the Autobackup from that folder.

Next, well defender is not enough and is only a very limited program especially on Vista. Please try to download and install Microsoft Security Essentials which is a Free antivirus program from Microsoft that is a lot more capable than Defender. Then update it and do a Full System scan and let it quarantine anything it finds. Then reboot and let me know if this error is still coming up or not.