Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: JPDisturbed on November 15, 2013, 04:43:58 PM
-
This problem just recently started. I've tried just about everything I know to do from Checking memory, running defrag, CCleaner and System Restore etc. I use Google Chrome as default browser, and it will freeze as well as off net features like after opening Control Panel, then going to exit from it, will freeze and say Internet Explorer encountered a problem (and I do not use IE) and needs to be restarted, or will ask me if I want to wait for it to respond, close program or reload the program. But even after clicking option to just close it (and it's not even open to begin with), it will say it's sending an error report and take ten years on that, and so I attempt to close that part and it refuses to close, so I hit Escape and STILL it will not close out (freezes), and the screen will have a white haze on it. This happens with just about any part of the laptop I attempt to work on, with and use. Only works for short period of time before the issues act up. In safe mode the issues do not happen. There are no existing other users on the laptop. There is 2G Memory.
Also, while in browser, it suddenly started asking me to allow cookies on sites I frequent anyhow. It's never done that before either. And prior to this, would tell me a program or something is wanting permission to add cookies or something on my computer, with options to allow, block, do not allow, do not ask me this again etc. This issue (freezing) also happens if I want to preview any pictures on my laptop.
If there is anything and I mean ANYTHING anyone can provide to help me with this problem to be fixed, PLEASE by all means...ANY and ALL HELP is GREATLY appreciated!
Oh and I have Windows Vista
-
Oh and after hitting escape to get one of those windows that says it's sending an error report seems to be the only way they will close. But the white haze always shows up afterwards too. White haze and freeze happens when I attempt to close out browser altogether, and CTRL+F4 doesn't even close em out.
-
Sounds like you may be infected with malware. Have you run any virus scans with up to date definitions, as well as run a tool called Malwarebytes to check for malware?
I submitted a suggestion to moderator to move this to Computer Viruses and Spyware section where you will get help from specialists. Please do not post a duplicate post to that forum or elsewhere, this will get redirected to that section if the moderator agrees with my diagnosis of what you have for an issue based on information shared.
Also, while in browser, it suddenly started asking me to allow cookies on sites I frequent anyhow. It's never done that before either. And prior to this, would tell me a program or something is wanting permission to add cookies or something on my computer, with options to allow, block, do not allow, do not ask me this again etc.
In safe mode the issues do not happen.
-
Ok Thank you very much for letting me know. Where is there a trusted site to get that tool?
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner)by Xplode onto your Desktop.
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*********************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
-
First of all, thank you so very much for your detailed and very informative reply! :) Second, you mentioned not to run any other scans while working with you on this problem. Should I turn my antivirus program off since it does automatic scans on it's own? I use AVAST!. And should I download each of those tools you added separately and run them each after each download? Or should I download them each after one another, and then run them separately as you instruct after one another?
I hope that made sense lol.
-
Oh and yes, I am able to get online on the computer we are speaking of. Out of curiosity, I've never heard of holding down SHIFT while inserting a USB device, as you described. What does that do exactly, if I may ask?
-
First of all, thank you so very much for your detailed and very informative reply! :) Second, you mentioned not to run any other scans while working with you on this problem. Should I turn my antivirus program off since it does automatic scans on it's own? I use AVAST!. And should I download each of those tools you added separately and run them each after each download? Or should I download them each after one another, and then run them separately as you instruct after one another?
I hope that made sense lol.
You did mention temporarily shutting down any antivirus software during the JRT scan. Would that be the only time I'd do this, or should I Temp. Shutdown before performing any of the scans to avoid any conflicts?
-
Text File After running AdwCleaner:
# AdwCleaner v3.012 - Report created 15/11/2013 at 23:51:29
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Owner - JANEE-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Owner\AppData\Local\PackageAware
Folder Deleted : C:\Users\Owner\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Owner\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6wv9rj96.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6wv9rj96.default\Extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
File Deleted : C:\END
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6wv9rj96.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16514
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6wv9rj96.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [6906 octets] - [15/11/2013 23:47:11]
AdwCleaner[S0].txt - [6870 octets] - [15/11/2013 23:51:29]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6930 octets] ##########
After running and completing AdwCleaner and it restarted, Avast! Antivirus Sandbox opened as well. It opened Manage Add-Ons and read, "View and manage your Internet Explorer add-ons". It's left panel read,
Add-On Types
-Toolbars and Extensions
- Search Providers
- Accelerators
- Tracking Protection
In a window pane to the right of that shows w/ columns
Name/Status/Listing Order/Search Suggestions/Top Result. Under each (a couple under Status were blank but one) in the order above:
Google (name), 1 (Listing Order), enabled (Search Suggestions) Not Available (Top Result)
Next Line:
Yahoo! (Name), Default (Status), 2 (Listing), enabled (Search Suggestions), Not Available (Top Result)
Next Line:
eBay (Name), 3 (Listing Order), enabled (search suggestions), Not Available (Top Result)
A Bottom Pane under those two read as follows:
"Select the Search Provider You Want to View or Change" and at the bottom of that w/ two check boxes already checked read:
- Prevent programs from suggesting changes to my default search provider
- Search in the address bar
Thereafter, below those were two clickable links that read:
- Find more search providers
- Learn more about search provider preferences
I've never seen this pop up before in Avast! antivirus program. I didn't click on anything, nor on any of the clickable links w/in any part of that which showed up, save for Close to close it out. Also, I've not had Mozilla Firefox on this machine and noticed AdwCleaner showed some things from that in it's lists.
And it didn't give me an option to Delete, just to Clean.
-
Also, I had to go back into Safe Mode in order to go here to post this, as when I tried to in normal boot, things were still freezing up, and not letting me get online using IE (before any of this posted at all to you, I Uninstalled my Google Chrome thinking maybe if I did so then reinstalled would fix the problem). I was connected to the internet, it's just that the freeze made it difficult to get online w/o freezing up with that all white haze in windows.
-
This tool didn't give me any time to say whether to restart or not. It just restarted on it's own and found 1 files infected.
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Starting protection
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Protection started successfully
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 01:58:58 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
2013/11/16 01:59:19 -0500 JANEE-PC Owner MESSAGE Starting database refresh
2013/11/16 01:59:19 -0500 JANEE-PC Owner MESSAGE Stopping IP protection
2013/11/16 01:59:21 -0500 JANEE-PC Owner MESSAGE IP Protection stopped successfully
2013/11/16 01:59:27 -0500 JANEE-PC Owner MESSAGE Database refreshed successfully
2013/11/16 01:59:27 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 01:59:34 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
2013/11/16 03:29:15 -0500 JANEE-PC Owner MESSAGE Starting protection
2013/11/16 03:29:17 -0500 JANEE-PC Owner MESSAGE Protection started successfully
2013/11/16 03:29:17 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 03:29:28 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
-
Should I turn my antivirus program off since it does automatic scans on it's own? I use AVAST!. And should I download each of those tools you added separately and run them each after each download? Or should I download them each after one another, and then run them separately as you instruct after one another?
Please leave your AV active unless requested before running a scan. You should download and run each scanner in the sequence I've instructed.
I've never heard of holding down SHIFT while inserting a USB device, as you described. What does that do exactly, if I may ask?
It prevents any chance of cross-infections.
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
This is the JRT Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Owner on Sat 11/16/2013 at 16:59:09.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{362269bd-c93c-460f-9255-3bd667eb7f0a}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Owner\appdata\local\cre"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/16/2013 at 17:05:31.11
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Ok now I am off to do the Combofix. After all of this is done and posted logs, what then? I can tell there was something like spyware and stuff it may have caught. I just assume that from the amount of time this has all taken (not long for them at all), we caught it before it done too much damage. And will this stop all those grey little windows from popping up asking me to constantly allow, block etc. cookies? Because I've never had that before this either. And I do mean a lot whenever I go to any page online now. They just relentlessly keep popping up!
Do you think I should contact my antivirus company and tell them what's going on, and ask them why these things aren't being caught like they're supposed to, as they claimed their product would also protect from?
-
I am hoping this will soon be fixed. I have done everything you asked in the order you specified. Have not done anything else in between etc. What's next? :)
ComboFix Log
ComboFix 13-11-16.01 - Owner 11/16/2013 17:43:01.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.1060 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2013-10-16 to 2013-11-16 )))))))))))))))))))))))))))))))
.
.
2013-11-16 22:52 . 2013-11-16 22:53 -------- d-----w- c:\users\Owner\AppData\Local\temp
2013-11-16 22:52 . 2013-11-16 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-16 21:51 . 2013-11-16 21:51 -------- d-----w- c:\windows\ERUNT
2013-11-16 06:58 . 2013-11-16 06:58 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2013-11-16 06:57 . 2013-11-16 06:57 -------- d-----w- c:\programdata\Malwarebytes
2013-11-16 06:57 . 2013-11-16 06:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-16 06:57 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-16 06:45 . 2013-11-16 06:45 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E42377D-538F-4325-A264-FEDBCD5E3C18}\offreg.dll
2013-11-16 04:46 . 2013-11-16 04:53 -------- dc----w- C:\AdwCleaner
2013-11-15 19:33 . 2013-10-16 05:20 7796464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E42377D-538F-4325-A264-FEDBCD5E3C18}\mpengine.dll
2013-11-15 19:33 . 2013-11-15 19:33 -------- dc----w- C:\3c17a5aa777f7cf316b2facc44
2013-11-13 20:46 . 2013-10-03 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 20:46 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 20:45 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 20:45 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-24 23:40 . 2013-10-24 23:40 -------- d-----w- c:\users\Owner\AppData\Roaming\AVAST Software
2013-10-21 04:35 . 2013-10-21 04:35 -------- d-----w- c:\programdata\AVAST Software
2013-10-21 04:32 . 2013-06-29 02:07 197632 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-21 04:32 . 2013-06-29 02:07 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-21 04:32 . 2013-06-29 02:06 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-21 04:32 . 2013-06-29 02:07 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-21 04:32 . 2011-05-05 13:54 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-21 04:32 . 2011-05-05 13:54 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-21 04:32 . 2013-07-12 09:04 73344 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2013-10-21 04:32 . 2013-06-26 23:01 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-21 04:32 . 2013-07-04 04:21 532480 ----a-w- c:\windows\system32\comctl32.dll
2013-10-21 04:31 . 2013-07-03 02:10 25472 ----a-w- c:\windows\system32\drivers\hidparse.sys
2013-10-21 04:25 . 2013-10-08 11:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 19:32 . 2009-05-07 09:29 403440 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-10-21 04:39 . 2013-03-04 10:07 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-21 04:39 . 2013-03-04 10:07 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 04:39 . 2011-04-04 02:14 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-21 04:39 . 2009-05-07 09:29 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-21 04:39 . 2009-05-07 09:29 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-10-21 04:39 . 2009-05-07 09:29 35656 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-21 04:39 . 2009-05-07 09:29 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-21 04:39 . 2010-07-08 13:38 43152 ----a-w- c:\windows\avastSS.scr
2013-10-21 04:39 . 2009-05-07 09:29 269216 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-21 04:13 . 2011-06-16 14:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-03 18:35 . 2009-10-02 23:22 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-26 09:13 . 2013-08-26 09:13 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-21 04:39 321752 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-09-25 22:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-09-25 22:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-09-25 22:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-09-25 22:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-09-25 22:37 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-08-07 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2013-10-21 3568312]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-08-29 00:23 1861968 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMPDPSRV]
2002-07-11 14:31 45056 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\LMpdpsrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2013-07-24 06:43 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-13 04:13]
.
2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 08:51]
.
2013-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-21 08:51]
.
2013-11-15 c:\windows\Tasks\User_Feed_Synchronization-{34AFA83A-3AA9-4C01-BD31-2998440DB7FB}.job
- c:\windows\system32\msfeedssync.exe [2013-07-24 06:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Add to AMV/AVI Video Converter... - c:\program files\Media Player Utilities 4.24\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-toscdspd - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-16 17:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-11-16 17:55:54
ComboFix-quarantined-files.txt 2013-11-16 22:55
.
Pre-Run: 35,394,928,640 bytes free
Post-Run: 35,816,771,584 bytes free
.
- - End Of File - - D655678F5C2966954F3F2C20C7E8139D
5B5E648D12FCADC244C1EC30318E1EB9
-
Hello Dave,
I also wanted to add that prior to the help I received with you now, my audio works fine on the laptop itself, but to open up anything like a video online, the audio was not working for some unknown reason. Everything was turned up etc. Also, whenever I wanted to update the Windows defender, Java, or Flash Player, nothing would happen upon clicking on the links to do so as indicated by the programs that needed updates! Would any of the issues we are working on cause these issues as well? Sounds likely, but for knowledge sake, just wanted to know.
Thank you again, and look forward to hearing back from you soon. :)
Janee
-
just assume that from the amount of time this has all taken (not long for them at all), we caught it before it done too much damage
It takes only a few seconds for malware to do all the damage it's instructed to do.
And will this stop all those grey little windows from popping up asking me to constantly allow, block etc. cookies?
It depends on what program is causing those popups. I could be your protection programs doing that.
Do you think I should contact my antivirus company and tell them what's going on, and ask them why these things aren't being caught like they're supposed to, as they claimed their product would also protect from?
This is quite possibly not a virus but malware.
I didn't see the log from MBAM. Were you able to run it? If you couldn't run it, please try running it in Safe Mode
-
Yes it was the one with all the dates in it. I reposted it below. Was there something else supposed to come up? Because this was all that was in the log given.
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Starting protection
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Protection started successfully
2013/11/16 01:58:36 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 01:58:58 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
2013/11/16 01:59:19 -0500 JANEE-PC Owner MESSAGE Starting database refresh
2013/11/16 01:59:19 -0500 JANEE-PC Owner MESSAGE Stopping IP protection
2013/11/16 01:59:21 -0500 JANEE-PC Owner MESSAGE IP Protection stopped successfully
2013/11/16 01:59:27 -0500 JANEE-PC Owner MESSAGE Database refreshed successfully
2013/11/16 01:59:27 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 01:59:34 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
2013/11/16 03:29:15 -0500 JANEE-PC Owner MESSAGE Starting protection
2013/11/16 03:29:17 -0500 JANEE-PC Owner MESSAGE Protection started successfully
2013/11/16 03:29:17 -0500 JANEE-PC Owner MESSAGE Starting IP protection
2013/11/16 03:29:28 -0500 JANEE-PC Owner MESSAGE IP Protection started successfully
-
I found this one from Mbam. I must've missed it. Sorry:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.16.06
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: JANEE-PC [administrator]
Protection: Disabled
11/16/2013 9:43:40 PM
mbam-log-2013-11-16 (21-43-40).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363927
Time elapsed: 1 hour(s), 2 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Owner\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
(end)
-
Download Windows Repair (all in one) from this site (http://www.tweaking.com/content/page/windows_repair_all_in_one.html")
Install the program then run it.
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
(http://i424.photobucket.com/albums/pp322/digistar/p22001645_zpsbdf6bc2c.gif)
Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:
(http://i424.photobucket.com/albums/pp322/digistar/p22001646_zps9085a83b.gif)
Go to Step 4 and under "System Restore" click on Create button:
(http://i424.photobucket.com/albums/pp322/digistar/p22001644_zpsc3ec1267.gif)
Go to Start Repairs tab and click Start button.
(http://i424.photobucket.com/albums/pp322/digistar/p22001166_zpsc22a3285.gif)
Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
(http://i424.photobucket.com/albums/pp322/digistar/p22001647_zpsfe785392.gif)
Click on box next to the Restart System when Finished. Then click on Start.
-
Question (actually 2): Is this a program of your own? And if so, how young in Beta is it? If not, do you know? And has it worked for others that have used it? If this is your program, I must say after reading on the site, I am impressed and this is a great idea and service for others and to help them. :)
Also, regarding the items to check, are those ones you noticed within the logs posted that may have errors, and need fixed, or were affected by what caused all of this to begin with? And was the issue malware?
Ok, maybe more than 2 questions...sorry :)
P.S. And by resetting some of the files and their permissions, will this at all effect any existing personal folders/files I have on it?
-
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.Superdave.
-
Ok Dave,
I did all of that. But for some reason my audio isn't working, Task Manager won't open, the anti-virus icon that was on the bottom right on taskbar isn't there anymore (but I believe it's still running). I know the sound card is fine. It was working great before all of this happened. And the Task manager won't pop up or even show it's open after hitting CTRL+ALT+Delete.
Are there now drivers that I should get again, or update?
Oh and after Step 2 as instructed above, Restarted. Well it booted to the Windows loading screen and was stuck there. Was that supposed to happen?
-
Question (actually 2): Is this a program of your own?
No, it's one I borrowed from a colleague.
And by resetting some of the files and their permissions, will this at all effect any existing personal folders/files I have on it?
No, it shouldn't. It's just to do repairs but you should backup all your important data to an external hard drive of DVD's.
Are there now drivers that I should get again, or update?
Oh and after Step 2 as instructed above, Restarted. Well it booted to the Windows loading screen and was stuck there. Was that supposed to happen?
No updates should be require and no, it's not supposed to happen that way. Can you boot in Safe Mode?
-
Hello again, Dave, :)
Oh and I meant to say Sound Processor, not card lol.
Yes I can boot in Safe Mode and Normally as well. Sometimes it takes a little while to restart/shutdown, and sometimes it does both just fine!
It's just for some reason, those issues are happening, and also won't let me open anything in Control Panel. I've double-clicked, Right-clicked to open/Explore and still nothing comes up! ??? I've also tried to open a music file using Windows Media Player, and it was still in waiting mode (WMP was) with the blue circle going around. It would play sound on the laptop itself but not online, but now it isn't, and online still too. I am confident this can be fixed. Just a little disconcerting is all.
And believe you me, I really appreciate all you're doing for me! I just hope we can figure out what's going on is all. I hope options haven't run out :-\ I am almost completely positive we caught all of this very soon after it was placed in to do whatever havoc it was aiming to do. In that Hope, I have that we are able to make sure nothing is wrong with whatever these things touched!
Once I'm in Safe mode, what should I do then? Or should I do this after I backup? I will wait for your reply, and then go from there. In the meantime, will work on backing things up.
Talk soon!
-
Once I'm in Safe mode, what should I do then? Or should I do this after I backup? I will wait for your reply, and then go from there. In the meantime, will work on backing things up.
Yes, please work at backing up your important data.
Please try running this and see if it makes any difference.
Please download and run MS Fix-it from here. (http://support.microsoft.com/mats/AudioPlayback/en-us?entrypoint=lightbox)
-
Ok. I will post to you Dave, when I'm finished backing everything up.
Please be patient with me, as we're also dealing with some family and friend issues
after the major storms on Sunday. If you have anyone that was also involved in these storms,
I really hope they're ok!
Again, I will post to you here when finished backing up, then let you know when ready to ms fix.
-
Hello Dave,
I believe I have what I need backed up...backed up. Now I am guessing I ms fix-it now? Should I post anything after I am finished with this procedure? Oh, and before I commence, what should I expect after ms fix-it is done? Like, what will this program do for my laptop?
Thank you in advance,
Janee
-
Hello Dave,
I believe I have what I need backed up...backed up. Now I am guessing I ms fix-it now? Should I post anything after I am finished with this procedure? Oh, and before I commence, what should I expect after ms fix-it is done? Like, what will this program do for my laptop?
Thank you in advance,
Janee
It's supposed to repair a number of things in Windows. Please tell me if it's still freezing. If it is, please try this: Open your task manager and leave it open. When the laptop freezes, see if you can access the processes in Task Manager to see with is using all the memory.