MarcyS

Members
  • Content count

    17
About MarcyS

  • Rank
    Member
  • Birthday 05/23/1933
  • Age 84

Contact Methods

  • Website URL
    http://AOL

Profile Information

  • Gender
    Female
  • Location
    Maryland
  • Interests
    computers - reading - volunteer work
  • OS
    Windows 7
  • Computer specs
    Desktop HP Pavilion a6030n
    17" Monitor Logicon Wireless Mouse 525
    Printer HP Officejet 6500 (E709)
    Seagate Exterior Hard Drive 500 GB
  1. Broni, I realize that you've invested a lot of your time on me. However I am not going to go forward with ComboFix. From your instructions, I thought the first order of business was to download the software to my desktop; then disable McAfee before initiating the scan. In addition I was uncertain about whether it was necessary to disable Malwarebytes Premium. I do not know how to do that, nor do I want to uninstall it. I made a one-time payment and my license was grandfathered when MBAM changed the way they charge for their premium software. Those are the reasons for my previous correspondence and I apologize for any confusion I may have caused. I have read and reread your your of the instructions. Thank you very much for all your support; I learned a lot from the experience and hope that you don't have too many subscribers who are as much trouble as I have been. MarcyS
  2. Broni, First, I copied all of your 28 Feb 15 on ComboFix instructions to a word document and printed out so I could follow each one exactly. But still uncertain of myself. I set a new System Restore point. Then I attempted several times to download ComboFix from “bleeping computer” to my desktop. McAfee immediately sends a message stating that it has quarantined the site because it is an Artemis Trojan; unfortunately it doesn’t stay on screen long enough for me to write down the string of numbers following it. I have McAfee Security Center 12.8 provided by AOL which is the most current software. Do I have to disable McAfee prior to D/L of ComboFix? McAfee contains (1) Virus and Spyware Protection – real time scanning and (2) Web and Email Protection (Firewall). Am I supposed to disable (turn off) both? Do I need to disable my MalwareBytes and Antimalware Professional? If yes, I don’t know how to do that. Your instructions also refer to RKill. On February 28, I downloaded the .exe file to my desktop and posted the resulting text file to your site. It is still there – do I need to run RKill again? Thank you. MarcyS
  3. Broni, It's not your experience that I am concerned about - it's my evident lack of! I am always the one to help my friends with computers and now find myself in the same position. Feels awkward and I feel dumb. Suppose you could say that I'm just needy and wanted someone on the phone, or at my side, to talk/walk me through it. I'll work on getting up my courage over the weekend. Enjoy yours. I hope that I provided everything you need, up to now. MarcyS
  4. Broni, thank you from the bottom of my heart for all your help. I've tried to do everything that you recommended. However, ComboFix is too overwhelming for me to even try it. I bolded the last sentence so that you will see where I am coming from. Sorry, but even with your excellent instructions, I am just too scared to even attempt it. I think this nearly 82-year-old lady has gone about as far as she can go! "ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program. Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper."
  5. MBAM Log:
     RK Report
  6. The two MBAR files are attached. No cleanup was necessary. Thank you. MarcyS mbar-log-2015-02-27 (22-26-44).txt system-log.txt
  7. Okay - Here is what I did: I already have Malware Bytes Anti-Malware Premium Version 2.0.4.1028. The database is up-to-date. Attached are the logs (I hope) that you wanted. I know how to set a new restore point and did so. Next I downloaded MBAR (Beta). Ran into a problem which I don't know how to resolve. Followed your instructions line by line and received following error message: This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. I clicked on exit and the icon in the task bar disappeared but nothing happened. Did this several times but continued to get the same message. Sorry but I don't have the slightest idea what I am doing wrong. Thank you, MarcyS
  8. Broni, Sorry for not responding sooner. I prepare taxes for seniors (no charge) and this is a busy time of year for me. Hopefully I have provided the information that you requested. Thank you. MarcyS FRST.txt Addition.txt
  9. This is a link to the video that I watched which involved so much work. Marcy
  10. Broni - thanks for the info on Farbar Recovery Scan Tool. I need a little time to digest it though. I read through the info briefly and still feeling unsure of myself, googled it and found a YouTube video showing the process in detail. It involved so much DOS and I don't know DOS that well. Your instructions were clean and simple and I appreciate. If I can get through it, will let you know the outcome. Marcy
  11. Frazzm37 - password changed, thanks to you! Marcy
  12. A friend told me that Malwarebytes Anti-Malware (Premium) is considered a second virus program even though I have been running it and McAfee Security Suite for many years. So I disabled MBAM as well as another program that I saw on the Start setting called Authentium Inc. This program is not listed in Control Panel, Programs and Features and I have no idea what it is or if I should try to uninstall it. I also am awaiting a response from Malwarebytes because I was told a long time ago that it was compatible with McAfee and I have never had a problem running the two. I'll let you know what I hear from them. If possible, can you tell me where to go on this site to change my password from one very long string of numbers?
  13. Thank you for your comment.
  14. Good morning all. Thanks in advance for any help you are able to provide. I am running Windows 7 Home Premium 32 bit. First time I have experienced this problem. When I click on Start, and then Shut Down, neither log off or restart will work. Just started today. In addition, Task Manager or control alt delete will not work either. Have run Malware Bytes Premium and McAfee (furnished by AOL) plus McAfee Stinger. Nothing showed in any of the three scans. No virus problems as far as I can tell. I am meticulous in computer maintenance. I run CCleaner on a weekly basis. No unusual programs showing up in Control Panel. My System Restore Point was set just yesterday. I am a little worried about running SR because several months ago when I ran it for another reason, had a lot of difficulties in getting it to finish - finally just shut computer down. Really didn't know what to do when SR would not complete and still don't. Sorry for the lengthy message - probably TMK - too much information. Thanks, MarcyS
  15. I am trying to assist a friend (early 80s) and not very computer literate. She is using Windows XP and IE8. In the last few days she has been unable to log into Craigslist (My Account). At the log in screen, she received message that IE is unable to display page. Does anyone have some simple guidance for me that will assist her. She lives too far away for me to go to her house and she has difficulty understanding what I tell her to do (over the phone). Thank you very much