Jump to content

Recommended Posts

OH NO!!!!! I just discovered that whatever is on my hard drive is wiping out all my files!!!!!!!!!!!!!!!!!! Many are GONE!!!!!!

 

(Yes, I have my hard drive backed up).

 

Help anyone! Caintry-Boy sent me to this forum from my post/thread at http://forums.pcpitstop.com/index.php?/topic/201014-werfaultexe-application-error-cant-do-tests-etc/page-8 .

 

He tolld me to download that file and when I went to save it in my download folder, I doscovered that my files are being deleted from my computer!!!!!!! They are not 'all' gone yet, but many of my folders are now EMPTY.

 

 

Please help!!!

Link to post
Share on other sites
  • Replies 81
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted Images

You'll have to re-run DDS after removing some things. Just copy/paste the DDS AND the Attach logs both no need to zip. I'm going to thin this thread out so there are not so many posts. ;)

 

edidt: just edit out the old DDS log above and add the new one along with the Attach log. Remember copy and paste both.

 

 

 

 

:geezer:

Link to post
Share on other sites

Here is the new info from the DDS.com scan ---

 

dds.txt ---

 

DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.17.2Run by elizabeth at 15:19:14 on 2013-06-21Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3518.2018 [GMT -4:00].AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}.============== Running Processes ================.C:Windowssystem32wininit.exeC:Windowssystem32lsm.exeC:Windowssystem32nvvsvc.exeC:Program FilesNVIDIA CorporationDisplaynvxdsync.exeC:Windowssystem32nvvsvc.exeC:WindowsSystem32spoolsv.exeC:Program FilesAd-Aware AntivirusAdAwareService.exeC:Program FilesCommon FilesAdobeARM1.0armsvc.exeC:Windowssystem32taskhost.exeC:Windowssystem32Dwm.exeC:WindowsExplorer.EXEC:Program FilesHPHP Software Updatehpwuschd2.exeC:Program FilesCommon FilesJavaJava Updatejusched.exeC:ProgramDataAd-Aware Browsing Protectionadawarebp.exeC:ProgramDataSearch ProtectionSearchProtection.exeC:Program FilesNVIDIA CorporationDisplaynvtray.exeC:Windowssystem32SearchIndexer.exeC:Program FilesWindows Media Playerwmpnetwk.exeC:Program FilesNVIDIA CorporationNVIDIA Update Coredaemonu.exeC:PROGRA~1AD-AWA~1AdAware.exeC:Program FilesAd-Aware AntivirusSBAMSvc.exeC:Windowssystem32taskhost.exec:Program FilesMicrosoft Security ClientMsMpEng.exeC:Program FilesMicrosoft Security Clientmsseces.exec:Program FilesMicrosoft Security ClientNisSrv.exeC:Windowssystem32WUDFHost.exeC:UserselizabethAppDataRoamingmjusbspmagicJack.exeC:Program FilesMozilla Firefoxfirefox.exeC:Windowssystem32SearchProtocolHost.exeC:Windowssystem32SearchFilterHost.exeC:Windowssystem32conhost.exeC:Windowssystem32wbemwmiprvse.exeC:Windowssystem32svchost.exe -k DcomLaunchC:Windowssystem32svchost.exe -k RPCSSC:WindowsSystem32svchost.exe -k LocalServiceNetworkRestrictedC:WindowsSystem32svchost.exe -k LocalSystemNetworkRestrictedC:Windowssystem32svchost.exe -k LocalServiceC:Windowssystem32svchost.exe -k netsvcsC:Windowssystem32svchost.exe -k NetworkServiceC:Windowssystem32svchost.exe -k LocalServiceNoNetworkC:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonationC:WindowsSystem32svchost.exe -k HPZ12C:WindowsSystem32svchost.exe -k HPZ12C:Windowssystem32svchost.exe -k imgsvcC:WindowsSystem32svchost.exe -k LocalServicePeerNet.============== Pseudo HJT Report ===============.BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dllBHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:program filesadawaretbadawareDx.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:program filesjavajre7binssv.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:program filesjavajre7binjp2ssv.dllTB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:program filesadawaretbadawareDx.dllEB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>uRun: [cdloader] "c:userselizabethappdataroamingmjusbspcdloader2.exe" MAGICJACKmRun: [HP Software Update] c:program fileshphp software updateHPWuSchd2.exemRun: [sunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"mRun: [Ad-Aware Browsing Protection] "c:programdataad-aware browsing protectionadawarebp.exe"mRun: [search Protection] c:programdatasearch protectionSearchProtection.exemRun: [Ad-Aware Antivirus] "c:program filesad-aware antivirusAdAwareLauncher" --windows-runmRun: [MSC] "c:program filesmicrosoft security clientmsseces.exe" -hide -runkeydRunOnce: [sPReview] "c:windowssystem32spreviewSPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0TCP: NameServer = 192.168.1.254TCP: Interfaces{B135E294-BFCC-466F-9CC6-12CCCBF3F212} : DHCPNameServer = 192.168.1.254SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath -.============= SERVICES / DRIVERS ===============.R0 gfibto;gfibto;c:windowssystem32driversgfibto.sys [2013-6-17 13560]R0 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2013-1-20 195296]R1 MpKsldfa47276;MpKsldfa47276;c:programdatamicrosoftmicrosoft antimalwaredefinition updates{132e13d7-0a89-4a19-9bba-991a93490b91}MpKsldfa47276.sys [2013-6-20 29904]R2 Ad-Aware Service;Ad-Aware Service;c:program filesad-aware antivirusAdAwareService.exe [2013-3-18 1236336]R2 NisDrv;Microsoft Network Inspection System;c:windowssystem32driversNisDrvWFP.sys [2013-1-20 100328]R2 SBAMSvc;Ad-Aware;c:program filesad-aware antivirusSBAMSvc.exe [2012-9-20 3677000]R2 sbapifs;sbapifs;c:windowssystem32driverssbapifs.sys [2012-9-12 66344]R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:windowssystem32driversb57nd60x.sys [2009-7-13 229888]R3 NisSrv;Microsoft Network Inspection;c:program filesmicrosoft security clientNisSrv.exe [2013-1-27 295232]S3 gfiark;gfiark;c:windowssystem32driversgfiark.sys [2013-6-17 41584]S3 StorSvc;Storage Service;c:windowssystem32svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 TsUsbFlt;TsUsbFlt;c:windowssystem32driversTsUsbFlt.sys [2013-3-27 52224]S3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32watWatAdminSvc.exe [2013-3-27 1343400].=============== Created Last 30 ================.2013-06-21 01:00:33 60872 ----a-w- c:programdatamicrosoftmicrosoft antimalwaredefinition updates{132e13d7-0a89-4a19-9bba-991a93490b91}offreg.dll2013-06-21 01:00:33 29904 ----a-w- c:programdatamicrosoftmicrosoft antimalwaredefinition updates{132e13d7-0a89-4a19-9bba-991a93490b91}MpKsldfa47276.sys2013-06-21 00:54:59 724464 ----a-w- c:programdatamicrosoftmicrosoft antimalwaredefinition updates{6a74ab35-7cdf-48d4-b3a3-a59ceb3c18eb}gapaengine.dll2013-06-21 00:54:52 7068072 ----a-w- c:programdatamicrosoftmicrosoft antimalwaredefinition updates{132e13d7-0a89-4a19-9bba-991a93490b91}mpengine.dll2013-06-21 00:50:57 -------- d-----w- c:program filesMicrosoft Security Client2013-06-20 20:02:10 -------- d-----w- c:userselizabethappdataroamingQuickScan2013-06-19 20:53:36 -------- d--h--w- c:windowsAxInstSV2013-06-19 20:33:29 -------- d-----w- c:userselizabethappdataroamingCheckPoint2013-06-19 20:26:23 -------- d-----w- c:programdataCheckPoint2013-06-19 20:25:49 -------- d-----w- c:programdataSUPERSetup2013-06-17 19:33:57 41584 ----a-w- c:windowssystem32driversgfiark.sys2013-06-17 17:33:25 -------- d-----w- c:programdataAd-Aware Antivirus2013-06-17 17:32:48 -------- d-----w- c:userselizabethappdataroamingLavasoftStatistics2013-06-17 17:26:38 -------- d-----w- c:windowssystem32driversVDD2013-06-17 17:26:38 -------- d-----w- c:program filesAd-Aware Antivirus2013-06-17 17:26:32 -------- d-----w- c:programdataDownloaded Installations2013-06-17 17:26:28 -------- d-----w- c:programdataSearch Protection2013-06-17 17:26:27 -------- d-----w- c:userselizabethappdatalocaladawarebp2013-06-17 17:26:27 -------- d-----w- c:programdatablekko toolbars2013-06-17 17:26:27 -------- d-----w- c:programdataadawaretb2013-06-17 17:26:26 -------- d-----w- c:programdataAd-Aware Browsing Protection2013-06-17 17:26:22 -------- d-----w- c:program filesToolbar Cleaner2013-06-17 17:26:18 -------- d-----w- c:program filesadawaretb2013-06-17 17:25:24 13560 ----a-w- c:windowssystem32driversgfibto.sys2013-06-17 17:25:24 -------- d-----w- c:userselizabethappdataroamingAd-Aware Antivirus2013-06-17 16:56:33 -------- d-----w- c:program filesPanda Security2013-06-17 02:33:52 -------- d-----w- c:programdataPCPitstop2013-06-17 02:33:20 -------- d-----w- c:program filesPCPitstop2013-06-14 21:04:08 7016152 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{0bfda924-dd52-4445-824b-7021129fa1b1}mpengine.dll2013-06-12 07:02:13 2706432 ----a-w- c:windowssystem32mshtml.tlb2013-06-12 07:02:13 218112 ----a-w- c:program filesinternet explorersqmapi.dll2013-06-12 06:08:11 3913576 ----a-w- c:windowssystem32ntoskrnl.exe2013-06-12 06:08:10 3968872 ----a-w- c:windowssystem32ntkrnlpa.exe2013-06-12 06:08:09 903168 ----a-w- c:windowssystem32certutil.exe2013-06-12 06:08:09 43008 ----a-w- c:windowssystem32certenc.dll2013-06-12 06:08:09 140288 ----a-w- c:windowssystem32cryptsvc.dll2013-06-12 06:08:09 1160192 ----a-w- c:windowssystem32crypt32.dll2013-06-12 06:08:09 103936 ----a-w- c:windowssystem32cryptnet.dll2013-06-12 06:08:07 492544 ----a-w- c:windowssystem32win32spl.dll2013-06-12 06:08:06 1293672 ----a-w- c:windowssystem32driverstcpip.sys.==================== Find3M ====================.2013-05-17 01:25:57 1767936 ----a-w- c:windowssystem32wininet.dll2013-05-17 01:25:27 2877440 ----a-w- c:windowssystem32jscript9.dll2013-05-17 01:25:26 61440 ----a-w- c:windowssystem32iesetup.dll2013-05-17 01:25:26 109056 ----a-w- c:windowssystem32iesysprep.dll2013-05-16 17:32:01 71048 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl2013-05-16 17:32:01 692104 ----a-w- c:windowssystem32FlashPlayerApp.exe2013-05-14 08:40:13 71680 ----a-w- c:windowssystem32RegisterIEPKEYs.exe2013-05-02 15:28:50 238872 ------w- c:windowssystem32MpSigStub.exe2013-04-30 07:01:48 9728 ---ha-w- c:windowssystem32api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-04-12 13:45:29 1211752 ----a-w- c:windowssystem32driversntfs.sys2013-04-10 05:18:40 728424 ----a-w- c:windowssystem32driversdxgkrnl.sys2013-04-10 05:18:40 218984 ----a-w- c:windowssystem32driversdxgmms1.sys2013-04-10 03:14:06 2347520 ----a-w- c:windowssystem32win32k.sys2013-04-08 03:25:42 94112 ----a-w- c:windowssystem32WindowsAccessBridge.dll2013-04-08 03:25:42 861088 ----a-w- c:windowssystem32npDeployJava1.dll2013-04-08 03:25:42 782240 ----a-w- c:windowssystem32deployJava1.dll2013-04-04 18:50:32 22856 ----a-w- c:windowssystem32driversmbam.sys2013-03-28 02:43:52 152576 ----a-w- c:windowssystem32msclmd.dll.============= FINISH: 15:19:45.35 ===============

 

 

 

 

 

---------------------------------------------------------------------------------------

attach.txt ----

 

.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 ProfessionalBoot Device: DeviceHarddiskVolume1Install Date: 3/27/2013 5:32:07 PMSystem Uptime: 6/19/2013 11:28:50 PM (40 hours ago).Motherboard: Dell Inc. | | 0YP696Processor: AMD Athlon Dual Core Processor 4450B | Socket M2 | 2300/1000mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 466 GiB total, 407.85 GiB free.D: is CDROM ()E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP27: 5/16/2013 3:00:11 AM - Windows UpdateRP28: 5/21/2013 7:05:32 PM - Windows UpdateRP29: 5/28/2013 9:14:31 AM - Windows UpdateRP30: 6/4/2013 8:38:18 AM - Windows UpdateRP31: 6/7/2013 6:13:43 PM - Windows UpdateRP32: 6/12/2013 2:07:08 AM - Windows UpdateRP33: 6/12/2013 3:00:13 AM - Windows UpdateRP34: 6/19/2013 11:59:09 PM - Scheduled CheckpointRP35: 6/20/2013 8:54:23 PM - Windows Update.==== Installed Programs ======================.32 Bit HP CIO Components InstallerAd-Aware AntivirusAd-Aware Security Add-onAdobe Flash Player 11 PluginAdobe Reader X (10.1.4)Google Earth Plug-inGoogle Update HelperIrfanView (remove only)Java 7 Update 17Java Auto UpdaterLegacy 7.5magicJackMalwarebytes Anti-Malware version 1.75.0.1300Microsoft Security ClientMicrosoft Security EssentialsMozilla Firefox 21.0 (x86 en-US)Mozilla Maintenance ServiceMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)NVIDIA Control Panel 307.83NVIDIA Graphics Driver 307.83NVIDIA Install ApplicationNVIDIA Update 1.10.8NVIDIA Update ComponentsZoneAlarm LTD Toolbar.==== Event Viewer Messages From Past Week ========.6/19/2013 9:20:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache kl2 KLIF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant Wanarpv6 WfpLwf6/19/2013 9:20:03 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.6/19/2013 4:33:47 PM, Error: Service Control Manager [7030] - The TrueVector Internet Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.6/19/2013 10:07:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.6/19/2013 10:07:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}6/19/2013 10:07:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}6/19/2013 10:07:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}6/19/2013 10:07:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}6/19/2013 10:07:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}6/19/2013 10:07:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}6/19/2013 10:06:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.6/19/2013 10:06:54 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning..==== End Of File ===========================

Link to post
Share on other sites

Sorry, I'm late!

 

Please download (free version) Malwarebytes' Anti-Malware to your desktop
http://www.malwarebytes.org/products/malwarebytes_free/
* Double-click mbam-setup.exe and follow the prompts to install the program.Right click to run as Administrator, using Windows 7 or Vista.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.

Link to post
Share on other sites

Hi,

 

My computer is now disconnecting frequently from the internet so I am having a hard time getting this posted......

 

 

Here is the lo from MBAM --

 

Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.06.24.04Windows 7 Service Pack 1 x86 NTFSInternet Explorer 10.0.9200.16618elizabeth :: ELIZABETH-PC [administrator]6/24/2013 12:49:00 PMmbam-log-2013-06-24 (12-49-00).txtScan type: Full scan (C:|D:|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 333334Time elapsed: 52 minute(s), 8 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)

----------------------------------------------------------------------------------------------

 

 

But I know that can't be right because my computer is doing all sorts of weird stuff like changing the size of the desktop icons sometimes, my mouse didn't work for a while, sometimes when I try to go to a page that I was just on agian it brings up that "unsafe......get me out of here" warning message, I'm getting bumped off the internet frequently, etc. etc.

 

MBAM now has a blue and yellow 'ball' in the lower right corner of the desktop icon . Is that a normal part of the icon? I don't remember seeing it before. When I right click on it and then on Properties, it says "SECURITY: This file came from another computer and might be blocked to help protect this computer." And there is an "Unblock" button, but I have not unblocked it.

Link to post
Share on other sites

Looks like you have a few too many anti-virus programs running...

 

Download CKScanner from here http://downloads.malwareremoval.com/CKScanner.exe

Save it to your desktop. <=== IMPORTANT

Right click (and choose to run as Administrator) CKScanner.exe and click Search For Files. It may appear as nothing is being done, but be patient.After a very short time, when the cursor hourglass disappears, click Save List To File.A message box will verify that the file is saved.Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Link to post
Share on other sites

CKScanner 2.3 - Additional Security Risks - These are not necessarily badc:userselizabethdocumentsfoodloversplanrecipesthatworkbutnotpartofplanturkey breast and apple cracker stack.txtc:userselizabethdocumentsrecipesnotsenttokidsgraham cracker pudding squares.txtc:userselizabethdocumentsrecipesnotsenttokidsno bake graham cracker cheesycake.txtc:userselizabethdocumentsrecipesnotsenttokidsseasoned oyster crackers.txtc:userselizabethdocumentsrecipessenttokidsgraham cracker blueberry muffins.txtscanner sequence 3.EM.11.QENAOQ ----- EOF -----

 

 

I've been downloading, running, and deleting all sorts of scanners, both online and other, ever since all this started so I have no idea what is still on my computer and what was removed and what still might be there in bits and pieces.....

Link to post
Share on other sites

Download AdWareCleaner http://www.bleepingcomputer.com/download/adwcleaner/
or from here http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
to your desktop

1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.

4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:AdwCleaner[sn].txt as well - n is the order number.

Posted Image

 

Next,

 

Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Link to post
Share on other sites

Hi,

 

I am going to have to halt my efforts to clean my computer for now and move to trying to clean my husband's desktop.........he really nneds is computer. I am going to create a new topic and ask for help to fix his desktop.

 

 

All our problems began when we used public WiFi places while traveling. We checked our main email accounts there. When we got home, but before we realized that someone had gained access to our email, we checked our email accounts on our home desktop computers. Then all 3 of our computers became infected. I do not understand at all how this happens. How does it get from our laptop to our other desktops? I really want to understand so we can prevent it from happening again when we travel, which we will be doing again at the end of July.

 

While traveling, we checked our main email accounts. That was all we did. When we checked them after ariving home, there were some weird looking emails in there, sort of like a foreign language. We deleted those without opening them. But my husband opened one that has his name in the subject line. But he did not click on the link inside it, he just deleted it.

 

I will begin a new thread and continue to ask for help in cleaning his computers. I am so very grateful for all the help I get whenever I need to come here for help!!!

Link to post
Share on other sites

Elizabeth, I want you to flush the DNS cache and restore Microsoft's Hosts File on both of your computers ...

 

Copy and paste these lines in Note pad.

 

@Echo on
pushdwindowssystem32driversetc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

 

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

 

After you've done that,

download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

Now, on your computer.... Download Security Check by screen317 from here http://screen317.spywareinfoforum.org/SecurityCheck.exe or here http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

Link to post
Share on other sites

I did the flush.bat and TFC on my husband's computer. I will come back after I do them on my computer.

 

 

Question - My husband's computer has had the "Found new hardware" box popping up every time I start his computer for the past two days. But I don't know what the new hardware would be. How can I find out what it is trying to install???

 

WSE just had to upgrade our internet service to Uverse so I don't know if that has anything to do with the new hardware box or not. We did get a new modem.

Link to post
Share on other sites

My computer ----

 

I did the flush.bat and TFC on my computer.

 

And here is the checkup file from that scan ---

 

I Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.5
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Mozilla Firefox 21.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Link to post
Share on other sites

Please do this ...

Download AdWareCleaner http://www.bleepingc...oad/adwcleaner/or from here http://general-chang...de/2-adwcleanerto your desktop

1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.2.Click on Delete button.3.Confirm each time with OK.4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:AdwCleaner[sn].txt as well - n is the order number.

Link to post
Share on other sites

Here is the file -

 

# AdwCleaner v2.303 - Logfile created 06/29/2013 at 00:53:44# Updated 08/06/2013 by Xplode# Operating system : Windows 7 Professional Service Pack 1 (32 bits)# User : elizabeth - ELIZABETH-PC# Boot Mode : Normal# Running from : C:UserselizabethDesktopAdwCleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] ********** [Registry] ********** [internet Browsers] *****- Internet Explorer v10.0.9200.16611[OK] Registry is clean.*************************AdwCleaner[s1].txt - [2034 octets] - [24/06/2013 21:38:14]AdwCleaner[s2].txt - [588 octets] - [29/06/2013 00:53:44]########## EOF - C:AdwCleaner[s2].txt - [647 octets] ##########

Link to post
Share on other sites

Looks good ... I'd like you to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Link to post
Share on other sites

hmmm, not seeing any problems with those scans.

 

Are you still missing files, and/or are they still being 'wiped out'?

 

Download Farbar Service Scanner

Save to the Desktop

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.

Please provide the FSS.txt in your reply. <<---

Link to post
Share on other sites

Farbar Service Scanner Version: 27-06-2013Ran by elizabeth (administrator) on 29-06-2013 at 21:14:06Running from "C:UserselizabethDesktop"Microsoft Windows 7 Professional Service Pack 1 (X86)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Action Center:============Windows Update:============Windows Autoupdate Disabled Policy:============================Windows Defender:==============WinDefend Service is not running. Checking service configuration:The start type of WinDefend service is set to Demand. The default start type is Auto.The ImagePath of WinDefend service is OK.The ServiceDll of WinDefend service is OK.Windows Defender Disabled Policy:==========================[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows Defender]"DisableAntiSpyware"=DWORD:1Other Services:==============File Check:========C:Windowssystem32nsisvc.dll => MD5 is legitC:Windowssystem32Driversnsiproxy.sys => MD5 is legitC:Windowssystem32dhcpcore.dll => MD5 is legitC:Windowssystem32Driversafd.sys => MD5 is legitC:Windowssystem32Driverstdx.sys => MD5 is legitC:Windowssystem32Driverstcpip.sys => MD5 is legitC:Windowssystem32dnsrslvr.dll => MD5 is legitC:Windowssystem32mpssvc.dll => MD5 is legitC:Windowssystem32bfe.dll => MD5 is legitC:Windowssystem32Driversmpsdrv.sys => MD5 is legitC:Windowssystem32SDRSVC.dll => MD5 is legitC:Windowssystem32vssvc.exe => MD5 is legitC:Windowssystem32wscsvc.dll => MD5 is legitC:Windowssystem32wbemWMIsvc.dll => MD5 is legitC:Windowssystem32wuaueng.dll => MD5 is legitC:Windowssystem32qmgr.dll => MD5 is legitC:Windowssystem32es.dll => MD5 is legitC:Windowssystem32cryptsvc.dll => MD5 is legitC:Program FilesWindows DefenderMpSvc.dll => MD5 is legitC:Windowssystem32ipnathlp.dll => MD5 is legitC:Windowssystem32iphlpsvc.dll => MD5 is legitC:Windowssystem32svchost.exe => MD5 is legitC:Windowssystem32rpcss.dll => MD5 is legit**** End of log ****

 

 

 

is it possible that after all the scanning that has been done that my computer is ok now? It seems to be fine now, other than an occasional 'mouse jumping around the screen' thing. But that isn't happening nearly a much as it was at first.

 

When i first started this thread, it seemed like my files were disappearing because my folders said they were empty when I clicked on them, but that didn't last long and when I checked, everything seems to be there and ok. I have no idea what was going on at first.

 

I know that at the beginning, when I first came here for help, my settings were definitely changed. My eyesight isn't too good so I always had the fonts/text/icons set to large size, but now all that has been set back to what I guess is the default. I haven't tried to enlarge them again yet.

 

I have been running a lot of the sme scans on my husband's laptop and desktop that you had me doing to my computer. I know how busy you are and figured that would help. They do seem to be running better, smoother. I have made sure that all 3 computers have a firewall, an antivirus, and an antispyware program on them now.

 

I guess if you think my computer is fine now, we could move on to working on my husband's deaktop and laptop.??

Link to post
Share on other sites

Windows Defender is included with Microsoft Security Essentials. If Windows Defender is still running... type or copy/paste in the Windows "start orb":

Services.msc... click on the little gear icon, then scroll down to "Windows Defender", right click on it, choose "Properties", click on the 'start-up type', then choose disabled. Click apply and okay your way out.

 

If your computer is acting like it should, then let's proceed with your Husband's. Please let me know!!

 

Read this about using Windows Defender with Microsoft Security Essentials http://blogs.msdn.com/b/securitytipstalk/archive/2010/08/26/microsoft-security-essentials-vs-windows-defender.aspx

Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...