Jump to content

PUP.Optional.WeCare.A & PUP.Optional.FunWebProducts.A desktop PC infection


Recommended Posts

My desktop has been acting very lethargic and taking a long time to load different websites.  I ran Malewarebytes Anti Maleware and found two line items that tell me I have a problem:  PUP.Optional.WeCare.A & PUP.Optional.FunWebProducts.A - I put them both in quarantine and now need some expert assistance to help eradicate all the maleware on my desktop pc. thank you for your help asap.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NewDesktop_3_2010 :: NEWDESKTOP_3_10 [administrator]

11/8/2013 1:53:49 PM
mbam-log-2013-11-08 (13-53-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282511
Time elapsed: 12 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

Hello yosoy4ever! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Here are the two logs:

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/16/2010 10:05:21 PM
System Uptime: 11/11/2013 7:26:50 PM (16 hours ago)
.
Motherboard: Dell Inc. |  | 0U880P
Processor: Intel® Celeron® CPU          450  @ 2.20GHz | CPU 1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 588 GiB total, 528.508 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 596 GiB total, 432.824 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
Amazon MP3 Downloader 1.0.17
American Airlines Timetable
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
AT&T Troubleshoot & Resolve Tool
Avanquest update
CameraHelperMsi
CardRd81
Catalina Savings Printer
CCleaner
CCScore
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
CR2
D3DX10
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
DHTML Editing Component
Digital Line Detect
EPSON ESPR220 Reference Guide
EPSON Print CD
EPSON Printer Software
EPSON Scan
erLT
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
File Type Assistant
Garmin USB Drivers
Garmin WebUpdater
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Graboid Video 3.58
Graboid Video 3.58 Setup
IBM ViaVoice Integration With 1-2-3
IBM ViaVoice Outloud Runtime - US English
IBM ViaVoice Technology, Dictation Runtime 5.3
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
ItsDeductible Express
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
Kodak EasyShare software
Logitech Vid HD
Logitech Webcam Software
Lotus 1-2-3
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Media Go
Media Go Video Playback Engine 1.96.112.08260
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Microsoft XML Parser
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Norton Identity Safe
Norton Internet Security
Norton Utilities
novaPDF Professional Desktop 7.5 printer
OfotoXMI
ParetoLogic Data Recovery
PDFZilla V1.2.9
Power E*TRADE Pro
PowerDVD DX
Quicken 2010
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
SFR
SHASTA
skin0001
SKINXSDK
Skype™ 6.3
staticcr
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
TurboTax 2008
TurboTax 2008 wctiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wctiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wctiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 wctiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Deluxe 2004
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VLC media player 1.0.1
VPRINTOL
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/8/2013 1:21:51 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
11/8/2013 1:14:58 PM, Error: Service Control Manager [7030]  - The lxcy_device service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
11/7/2013 3:51:10 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
11/7/2013 3:51:10 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
11/12/2013 2:25:59 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CC9D20E2-0AA7-493D-93FC-2A91893487D6}. The master browser is stopping or an election is being forced.
11/11/2013 7:27:33 PM, Error: Service Control Manager [7001]  - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/11/2013 10:46:56 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
11/10/2013 2:03:14 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================
 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.45.2
Run by NewDesktop_3_2010 at 11:11:02 on 2013-11-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.1985 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Norton Utilities 14\nu.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - LocalServer32 - <no file>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - LocalServer32 - <no file>
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - LocalServer32 - <no file>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: $talisma_url$
Trusted Zone: turbotax.com




DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll













TCP: NameServer = 192.168.1.254
TCP: Interfaces\{CC9D20E2-0AA7-493D-93FC-2A91893487D6} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 43985914;43985914;C:\Windows\System32\drivers\43985914.sys [2013-8-23 460888]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-20 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-17 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-17 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [2013-11-5 1524824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-17 169048]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD04000.00A\ccsetx64.sys [2013-6-18 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20131111.002\IDSviA64.sys [2013-11-11 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-17 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-17 433752]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe [2013-6-18 144368]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-17 144368]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-2-8 460288]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-7-9 342528]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2013-10-22 2144056]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2010-3-10 411136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-5 140376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-8-10 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-25 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-25 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-26 1255736]
.
=============== Created Last 30 ================
.
2013-11-12 13:51:15 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45E3E515-8F39-4330-9416-EF7F96BAB7A8}\mpengine.dll
2013-11-12 00:28:15 -------- d-----w- C:\Users\NewDesktop_3_2010\AppData\Local\FileTypeAssistant
2013-11-02 14:19:42 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-02 14:19:42 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-02 14:19:42 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-02 14:19:42 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-02 14:19:42 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-02 14:19:42 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-02 14:19:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-29 14:02:00 26936 ----a-w- C:\Windows\System32\authuitu.dll
2013-10-29 14:02:00 22328 ----a-w- C:\Windows\SysWow64\authuitu.dll
2013-10-28 05:46:55 -------- d-----w- C:\ProgramData\Oracle
2013-10-28 05:44:25 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-27 17:56:05 45056 ----a-r- C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe
2013-10-27 17:56:05 45056 ----a-r- C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe
2013-10-27 17:56:05 -------- d-----w- C:\Users\NewDesktop_3_2010\AppData\Roaming\Catalina – Print Savings
.
==================== Find3M  ====================
.
2013-10-22 17:37:16 35640 ----a-w- C:\Windows\System32\TURegOpt.exe
2013-10-22 17:37:12 36664 ----a-w- C:\Windows\System32\uxtuneup.dll
2013-10-22 17:37:12 30008 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2013-10-11 22:50:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-11 22:50:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 14:42:33 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 14:33:53 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 14:33:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-09-22 14:23:30 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-09-22 14:21:21 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-09-22 14:15:47 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-22 10:22:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 10:14:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-09-22 10:13:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 10:08:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-09-22 10:06:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-09-22 10:03:18 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-18 19:24:01 518 ----a-w- C:\Windows\System32\cc_20130918_152356.reg
2013-09-18 19:23:06 52676 ----a-w- C:\Windows\System32\cc_20130918_152245.reg
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-16 19:12:13 460888 ----a-w- C:\Windows\System32\drivers\43985914.sys
.
============= FINISH: 11:11:34.28 ===============
 

Link to post
Share on other sites

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • Step 3
    • Launch Malwarebytes' Anti-Malware
    • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
    • Go to Scanner tab and select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites

Here are the THREE logs; please advise what you want me to do next. Now it seems that I have a THIRD type of malware that has infected my pc, namely:  PUP.Optional.iBryte that I successfully removed and quarantined.  thanks !!

 

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by NewDesktop_3_2010 on Tue 11/12/2013 at 12:32:40.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\NewDesktop_3_2010\appdata\local\filetypeassistant"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/12/2013 at 12:47:58.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.012 - Report created 12/11/2013 at 13:01:44
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : NewDesktop_3_2010 - NEWDESKTOP_3_10
# Running from : C:\Users\NewDesktop_3_2010\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

-\\ Mozilla Firefox v

*************************

AdwCleaner[R0].txt - [1084 octets] - [20/08/2013 15:14:32]
AdwCleaner[R1].txt - [3163 octets] - [11/11/2013 19:22:36]
AdwCleaner[R2].txt - [931 octets] - [12/11/2013 12:59:41]
AdwCleaner[s0].txt - [1164 octets] - [20/08/2013 15:18:19]
AdwCleaner[s1].txt - [3139 octets] - [11/11/2013 19:25:32]
AdwCleaner[s2].txt - [853 octets] - [12/11/2013 13:01:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [912 octets] ##########

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.12.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NewDesktop_3_2010 :: NEWDESKTOP_3_10 [administrator]

11/12/2013 1:09:39 PM
mbam-log-2013-11-12 (13-09-39).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 453433
Time elapsed: 1 hour(s), 22 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\NewDesktop_3_2010\Desktop\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png to download the ESET Smart Installer. icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Link to post
Share on other sites

I wanted to get back to you and advise that I am having PROBLEMS running the ESET online scan - i believe because of BAD LUCK.  My pc was running the scan fine, with THREE of the drives having been scanned, the first one on the list regarding programs and my c: and E: drives.  the scan had been running up to 10 hours when I last looked, and it was scanning my E: (my hard disk back up drive) when I last looked at where it was at.  i then checked the status and it was at 12 1/2 hours and STILL scanning my E: drive (WITH NO INFECTED FILES FOUND TO THAT POINT) - THEN the unimaginable happened at my house - WE HAD A MOMENTARY POWER OUTAGE....and it was enough seconds to make my PC power off and when it restarted ALL THE hours of scan had disappeared and i was back to the page where it all started and asked me to do the Scan all over again !!  I followed the steps and changed the DRIVES to be scanned TO BE ONLY the program and C: drives (Since it seemed my E: drive was the ONE taking all these extra hours to scan).  I then set the scan to go, and then noted ANOTHER power outage at a little more than TWO HOURS and then again I had to RUN THE SCAN AGAIN.  At the two hour mark, no infected files had been found).  Now the scan is running again, and hopefully I WILL GET A COMPLETE SCAN of the program and c: drives accomplished.  One question i have:  how come it takes so long to scan my E: drive ?  is my pc backed up on there and shouldn't it only have the same amount of DATA on it as my c: drive does, or ARE ALL THE BACKUPS I HAVE DONE IN THE PAST year just being STORED on there, over and over, and saved on the E: drive, so that I have an INCREDIBLE AMOUNT of data on there ?  Do i need to REMOVE all the "old" backups so that it is NOT OVERBURNED with old back up data ?  I appreciate your continued assistance and will keep you informed of what this last scan discloses.  In the meantime, do you have any other suggestions for an ALTERNATE SCAN of my pc, other than ESET that does not take SO LONG ?  And please let me know if my CHANGING the scan drives to only programs and c: was the RIGHT THING to do, or is it ESSENTIAL that i include the E: drive in a scan ?  Thanks.  yosoy4ever   thurs. 11/14/13 at 11:01 am edst 

Link to post
Share on other sites

Hi - this LAST scan finally finished, taking 2 hours 23 minutes AND had zero infected files and zero cleaned files.  I did not UNINSTALL it yet, wanting to hear YOUR response to my post above as to the necessity or not for scannng my E: drive.  I will wait to hear the NEXT step from you. thank you.

Link to post
Share on other sites

Hello - I guess you are not available to respond.  I understand.  In any event, I am going out now and won't be home for over 9 hours, SO I DOWNLOADED ESET again and started up a scan of ONLY MY E:\ back up drive this time, so hopefully there will be NO POWER OUTAGES here at my home  and we can get a good look if there are ANY infected files on my E:\ drive.  I will let you know the results tomorrow. thank you.l  yosoy4ever   thursday   november 14, 2013 at 3:10 pm

Link to post
Share on other sites

Hello - the scan on E:\ alone just ran 11 hours 45 minutes and some infected files WERE found and put in quarantine.  here is a copy of the log.  Please let me know what the next step is.  Thanks. yosoy4ever  friday 11/15/13 at 1:02 am edst

 

 

E:\NEWDESKTOP_3_10\Backup Set 2012-11-08 154604\Backup Files 2013-02-07 125607\Backup files 5.zip Win32/Toolbar.MyWebSearch application deleted - quarantined
E:\NEWDESKTOP_3_10\Backup Set 2013-06-17 143019\Backup Files 2013-08-19 190016\Backup files 1.zip multiple threats deleted - quarantined
E:\NEWDESKTOP_3_10\Backup Set 2013-06-17 143019\Backup Files 2013-08-19 190016\Backup files 2.zip Win32/InstallIQ.C application deleted - quarantined
E:\NEWDESKTOP_3_10\Backup Set 2013-08-26 190017\Backup Files 2013-09-30 190015\Backup files 1.zip a variant of Win32/HiddenStart.A application deleted - quarantined
 

Link to post
Share on other sites

It seems my PC is more responsive today.  The ONLY problem I see is that I got a pop up this morning, saying that THE BACKUP of my files on my E:\ dirve was unsuccessful.  I have the schedule set up for 6 am on Friday mornings.  I took a look at the back up message and it said:  Back up error code 0x8100031.  I went to start/maintenance/backup and tried to get my PC to do a back up...and AGAIN I got the same error message.  Please tell me what to do next.  Is this backup problem being caused by the malware we found on it from the ESET scan ?  Thank you for your continued help and I await your next direction.  yosoy4ever   Friday 11/15/13 at 8:14 am edst

Link to post
Share on other sites

I did what you said and disabled the backup system as directed.  Being worried that I have not backed up my PC in a week or so since we started working on this maleware problem, I went to START/MAINTENANCE/BACKUP AND RESTORE and tried to do a back up again.....and ALL I GOT WAS THE SAME 0x81000031 message.  As I read the FOR DUMMIES - how to turn off the backup in Windows 7 - IT WAS NOT THE CASE THAT I KEPT GETTING pop ups telling me to backup my system.  I got the above ERROR notice message WHEN I TRIED to back up my PC.  So, just turning off the "scheduling of backups" did absolutely nothing for me.  So now what do I do ?  Please advise as soon as possible, as I really like to back up ALL MY PC at least weekly and here it is now almost a week since we have been working on this maleware problem and all of a sudden I get these ERROR MESSAGES.  Please help asap. thanks.

Link to post
Share on other sites

I took a look at the microsoft solution you mentioned above, but I want to know BEFORE I DO THAT...am I going to lose any information in my pc, like my favorites or my passwords, or anything else ?  I cannot imagine what has CAUSED this non-ability to do a back up on my pc - AS I NEVER HAD THIS PROBLEM BEFORE DOING ALL THE DIFFERENT STEPS that you gave me above.  Please advise WHAT THE CONSEQUENCES are if I do this microsoft disk solution BEFORE I do it..and let me know IF THERE IS ANY OTHER WAY other than this method to help me with this problem.  thanks.

Link to post
Share on other sites

Creator of your operating system is Microsoft Corporation, to whose official website directs my link. I think they know best what is the most appropriate approach for their users. To get to the publication of such material it passes through the many experts who have repeated to be sure about the recommended methods. If you don't trust them, I think you have chosen the wrong operating system. Reviewed their proposed ways to solve your problem and don't see any huge risks to your data.

Link to post
Share on other sites

Hi Maniac: thanks for getting back to me. I just want to let you know that it has NOTHING TO DO with trusting Microsoft and using IE 9 - it has to do with the realization that when you HAVE NEVER had any problems with your PC and HAVE NEVER faced a problem like this, i.e. not being able to use my pc hard disk backup system - it is wise and prudent to KNOW UP FRONT what will happen to the CONTENTS of your PC if YOU DO WHAT YOU SUGGEST.  Its better to be safe than sorry and to leap head long into a "system repair disk" adventure is foolish if you don't ask QUESTIONS first.  Here are the FIVE SYSTEM RECOVERY option descriptions, and I would like to know WHICH ONE IS THE ONE I NEED TO DO TO FIX MY PROBLEM when I do the System Repair Disk start up ?  How do i use this disk, do I have to change the STARTUP ORDER or something to make my PC restart from the repair disk as compared to the "usual startup" scenario ?  Thank you for your continued assistance and guidance.

 

System recovery optionDescription

System recovery option

1. Startup Repair

Description

Fixes certain problems, such as missing or damaged system files, that might prevent Windows from starting correctly. For more information, see Startup Repair: frequently asked questions.

System recovery option

2.System Restore

Description

Restores your computer's system files to an earlier point in time without affecting your files, such as e‑mail, documents, or photos.

If you use System Restore from the System Recovery Options menu, you cannot undo the restore operation. However, you can run System Restore again and choose a different restore point, if one exists. For more information, see What is System Restore?and System Restore: frequently asked questions.

System recovery option

3.System Image Recovery

Description                

You need to have created a system image beforehand to use this option. A system image is a personalized backup of the partition that contains Windows, and includes programs and user data, like documents, pictures, and music. For more information, see What is a system image?

System recovery option

4.Windows Memory Diagnostic Tool

Description                          

Scans your computer's memory for errors. For more information, see Diagnosing memory problems on your computer.

System recovery option

5.Command Prompt

Description

Advanced users can use Command Prompt to perform recovery-related operations and also run other command line tools for diagnosing and troubleshooting problems.

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.