
Can't get rid of Adware


Robert the Bruce
Member with 844 posts.
THREAD STARTER
 
Join Date: Aug 2006
Location: Glasgow, Scotland
Experience: Beginner
05-May-2012, 12:28 PM #46
Results
ComboFix 12-05-05.05 - Rowe 05/05/2012 17:02:00.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1451 [GMT 1:00]
Running from: c:\documents and settings\Rowe\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Rowe\My Documents\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Rowe\Application Data\inst.exe
c:\documents and settings\Rowe\Application Data\PriceGong
c:\documents and settings\Rowe\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Rowe\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Rowe\Application Data\vso_ts_preview.xml
c:\documents and settings\Rowe\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\NEW37.tmp
c:\windows\system32\NEW45.tmp
c:\windows\system32\NEW46.tmp
c:\windows\system32\roboot.exe
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETAC.tmp
c:\windows\system32\SETF4.tmp
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 13:49 . 2012-04-12 23:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E24263AB-CA96-4358-A6B3-A85D436EA6D9}\mpengine.dll
2012-05-04 10:21 . 2012-04-12 23:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-02 14:39 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-02 14:37 . 2012-05-02 14:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-02 14:26 . 2012-05-02 14:26 10288512 ----a-w- c:\program files\mseinstall.exe
2012-05-02 14:17 . 2012-05-02 14:17 -------- dc----w- c:\documents and settings\All Users\Uniblue
2012-04-26 18:50 . 2012-04-26 18:50 -------- d-----w- c:\documents and settings\Rowe\Application Data\ElevatedDiagnostics
2012-04-16 18:18 . 2012-04-18 06:35 -------- d-----w- c:\documents and settings\Rowe\Local Settings\Application Data\LogMeIn Rescue Applet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:47 . 2012-04-03 09:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 19:47 . 2011-05-18 16:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-02 20:47 . 2012-04-02 20:47 25685128 ----a-w- c:\program files\wordview_en-us.exe
2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-02 17:33 . 2012-03-02 17:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-02 17:33 . 2010-06-05 09:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:58 . 2011-09-29 16:45 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:58 . 2011-09-29 16:45 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:58 . 2010-06-03 16:07 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-29 23:58 . 2010-06-03 16:07 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2010-06-03 16:07 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2010-06-03 16:07 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2010-06-03 16:07 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-29 23:58 . 2006-10-29 15:16 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2006-10-29 15:16 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2006-10-29 15:16 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 23:58 . 2006-10-29 15:16 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 20:30 . 2010-04-03 18:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2010-04-03 18:23 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2010-04-03 18:23 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2010-04-03 18:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30 . 2010-04-03 18:23 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2003-08-27 13:19 . 2010-06-02 20:34 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-05_13.39.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-05 15:59 . 2012-05-05 15:59 16384 c:\windows\Temp\Perflib_Perfdata_88.dat
+ 2012-05-05 15:59 . 2012-05-05 15:59 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
+ 2004-08-04 12:00 . 2012-05-05 16:03 67862 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2012-05-05 12:39 67862 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2012-05-05 16:03 433098 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2012-05-05 12:39 433098 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-15 39408]
"Akamai NetSession Interface"="c:\documents and settings\Rowe\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE" [2005-01-13 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-04 273528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VideoCam Suite.lnk - c:\program files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-8-12 349584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]
backup=c:\windows\pss\Reboot.exeCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-07-31 10:45 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 13:20 94208 ----a-r- c:\windows\SM1bg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Rowe\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 13:00 14336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [21/02/2012 21:15 2348352]
R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [02/06/2010 13:12 372480]
S1 bhjavovc;bhjavovc;\??\c:\windows\system32\drivers\bhjavovc.sys --> c:\windows\system32\drivers\bhjavovc.sys [?]
S1 enrdtbrw;enrdtbrw;\??\c:\windows\system32\drivers\enrdtbrw.sys --> c:\windows\system32\drivers\enrdtbrw.sys [?]
S1 fctzjrqs;fctzjrqs;\??\c:\windows\system32\drivers\fctzjrqs.sys --> c:\windows\system32\drivers\fctzjrqs.sys [?]
S1 fejhjcvg;fejhjcvg;\??\c:\windows\system32\drivers\fejhjcvg.sys --> c:\windows\system32\drivers\fejhjcvg.sys [?]
S1 jmusqmwj;jmusqmwj;\??\c:\windows\system32\drivers\jmusqmwj.sys --> c:\windows\system32\drivers\jmusqmwj.sys [?]
S1 nxkrioic;nxkrioic;\??\c:\windows\system32\drivers\nxkrioic.sys --> c:\windows\system32\drivers\nxkrioic.sys [?]
S2 bwcdrv;bwcdrv;c:\windows\system32\drivers\BWCDRV.SYS [21/12/2003 09:21 19840]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2010 23:20 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/04/2012 10:44 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/06/2010 16:12 1684736]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2010 23:20 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:47]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 22:20]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 22:20]
.
2012-05-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
.
2012-05-05 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
.
2012-05-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
2012-05-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-861567501-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 17:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\00\1c\0b4;?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\msv1_0.dll
.
Completion time: 2012-05-05 17:10:06
ComboFix-quarantined-files.txt 2012-05-05 16:10
ComboFix2.txt 2012-05-05 13:41
.
Pre-Run: 57,460,260,864 bytes free
Post-Run: 57,490,661,376 bytes free
.
- - End Of File - - E8CDD58287DFCFDC3760FD3878D41FB4
Glaswegian (Iain)
Malware Removal Specialist with 3,823 posts.
 
Join Date: Dec 2004
Location: Erm...Glasgow?
05-May-2012, 12:58 PM #47
Hi

No need to go back to Virustotal - I found the file details using one of the identifiers in the log you posted - the file was clean.

Once you have posted the Malwarebytes scan results I'll post further instructions.
Robert the Bruce
Member with 844 posts.
THREAD STARTER
 
Join Date: Aug 2006
Location: Glasgow, Scotland
Experience: Beginner
05-May-2012, 01:58 PM #48
Pissed off.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rowe :: ROWE-B1115B646A [administrator]

Protection: Enabled

05/05/2012 17:33:19
mbam-log-2012-05-05 (17-33-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291351
Time elapsed: 47 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\Tools\ChPrio.exe (Spyware.Password) -> Quarantined and deleted successfully.

(end)
I'm pissed off to say the least. This is the 6th attempt at getting back on here. After the Malware scan I restarted my computer. It froze after start-up. As soon as I tried to do anything the screen either froze or I was left with the egg-timer icon. This happened a further 5 times. Why? Why wasn't I told that this might happen?
Robert the Bruce
Member with 844 posts.
THREAD STARTER
 
Join Date: Aug 2006
Location: Glasgow, Scotland
Experience: Beginner
06-May-2012, 07:25 AM #49
What's going on?
I'm now starting to feel a little disconcerted. Lack of replies to my last post is leaving me with a feeling of helplessness. Switching on my computer to-day I had the same problem. After start-up my computer freezes and I'm left with an egg-timer (loading) icon. Microsoft Essentials icon on the taskbar is RED at this point. I had to press the restart button on the front of my computer and just hope for the best.
What worries me most is the fact that I lost my job recently and so can't afford computer repairs or a new computer, moreover I need the computer to look for a job. Where are you?
Robert the Bruce
Member with 844 posts.
THREAD STARTER
 
Join Date: Aug 2006
Location: Glasgow, Scotland
Experience: Beginner
06-May-2012, 07:32 AM #50
Problem caused by TSG.
After switching on my computer both yesterday and to-day I found that my computer screen once started up tends to freeze. I'm left with the loading egg-timer icon. My Microsoft Essentials icon on the taskbar is red at this point. I'm forced to press the restart button at the front of my computer in order to re-start and then hope for the best.
This new problem only started after, see thread here http://forums.techguy.org/virus-othe...ml#post8345263.
I lost my job recently and so cannot afford repairs or a new computer. Moreover, I need my computer to look for a job. One problem has led straight into another. What happened?

Last edited by Robert the Bruce; 06-May-2012 at 07:33 AM.. Reason: More info.
Drabdr (Brad)
Community Moderator with 9,649 posts.
 
Join Date: Nov 2007
Location: Arlington, TX
Experience: Intermediate
06-May-2012, 07:53 AM #51
Robert the Bruce,

I have merged the information from the thread you just started into one thread. Please do not start duplicate threads on the same subject.

Please be patient with the helpers.
LauraMJ
Administrator with 12,229 posts.
 
Join Date: Mar 2004
Location: Somewhere back in the Mountain
Experience: Intermediate
06-May-2012, 08:20 AM #52
Quote:
I'm now starting to feel a little disconcerted. Lack of replies to my last post is leaving me with a feeling of helplessness.
Did you happen to notice the size of the logs and information you are giving your helper? EACH AND EVERY single line of those logs has to be researched and analyzed in order to give YOU the highest quality help and instructions and to provide YOU with as much protection and care for YOUR computer as possible. ALL OF THIS is done without asking for any pay or even really any thanks.

It would be just a bit nice if you would show just a small amount of gratitude and patience for someone's extreme attention to detail and hard work.......all for YOUR benefit.....and wait until they have had time to analyze and research YOUR problems.
__________________
I'm so busy....I don't know if I found a rope or lost my horse.
You can lead a horse to water........and Eliot Spencer can make him drink.
Laura Martlock--Owner of The Mane Street
Robert the Bruce
Member with 844 posts.
THREAD STARTER
 
Join Date: Aug 2006
Location: Glasgow, Scotland
Experience: Beginner
06-May-2012, 08:53 AM #53
Back-off.
All I know is my computer could be on the verge of breaking down entirely, and me with it through no fault of my own. I'm well aware those guys do a good job and if I knew as much about computers as they do I also would be helping other folk. I'm sure you understand that as far as I knew my computer was almost fixed, and now this. Thing is, now my computer has another problem and that was AFTER following instructions. I just can't understand why I wasn't told this might happen and what to do if it did. I just hope they haven't given up on me. I'll try to be patient but I hope you can understand my desperation.
Cookiegal
Administrator & Malware Removal Specialist with 95,157 posts.
 
Join Date: Aug 2003
06-May-2012, 09:12 AM #54
I believe a false positive detection by MalwareBytes (and subsequent file quarantine) is responsible for the problems you're currently experiencing. MalwareBytes is an excellent program and false detections do occur with EVERY security program at times. That is why we always recommend that default action be set to quarantine rather than remove or delete so that things can be restored, if necessary. Unfortunately, false detections are impossible for any malware removal specialist to foresee.

I am in the process of verifying this with the developers of MalwareBytes. If I'm correct then we can restore the file. Please bear with us and do not attempt to restore the file until we hear back from them. They may need something from you in order to verify the integrity of this particular file and/or why it was detected and we would appreciate your patience and cooperation in that regard.
__________________
Microsoft MVP - Consumer Security

Last edited by Cookiegal; 06-May-2012 at 09:55 AM..
LauraMJ
Administrator with 12,229 posts.
 
Join Date: Mar 2004
Location: Somewhere back in the Mountain
Experience: Intermediate
06-May-2012, 09:22 AM #55
Quote:
Originally Posted by Robert the Bruce
All I know is my computer could be on the verge of breaking down entirely, and me with it through no fault of my own. I'm well aware those guys do a good job and if I knew as much about computers as they do I also would be helping other folk. I'm sure you understand that as far as I knew my computer was almost fixed, and now this. Thing is, now my computer has another problem and that was AFTER following instructions. I just can't understand why I wasn't told this might happen and what to do if it did. I just hope they haven't given up on me. I'll try to be patient but I hope you can understand my desperation.
Desperation is one thing (and pretty normal here, I might add), rudeness, impatience, cursing at helpers (like wtf in an earlier post) is quite another and is really not acceptable. While you may realize it because of your desperation, some of your posts have not been very polite, or even nice. So as far as your comment to "back off" is concerned--It's my job here as Administrator to bring that to a poster's attention and insist on civility and politeness with helpers. We all understand your desperation and confusion....the vast majority of posters here are in the same boat as you. You are not the first, nor will you be the last to be worried and concerned about your computer. However, from here on out, I suggest you take a deep breath and try to create posts that ask questions in a polite and patient manner.
Quote:
I'm sure you understand that as far as I knew my computer was almost fixed, and now this.
I'm not sure why you thought that, as Glaswegian seemed rather clear that you had multiple problems yet to be fixed. At any rate, it would probably be helpful if you ask your helper that sort of thing as they can give you a clearer estimation of how close to being fixed it is.
Robert the Bruce
Member with 844 posts.
THREAD STARTER
 
Join Date: Aug 2006
Location: Glasgow, Scotland
Experience: Beginner
06-May-2012, 09:25 AM #56
OK
OK, points taken.
Cookiegal
Administrator & Malware Removal Specialist with 95,157 posts.
 
Join Date: Aug 2003
06-May-2012, 09:47 AM #57
It has been confirmed to me that it was indeed a false positive and will be fixed in the next update. The developers are very quick to address such things, I might add. As I'm not sure when the next update comes out and you seem to have downloaded the trial version of MalwareBytes rather than the free version, should a detection pop up again on this same file do not allow MBAM to quarantine it (tell it to ignore).

So please open the MalwareBytes program and click on the Quarantine tab. There should be two items in there but ONLY one is a false positive so please highlight ONLY the following entry:

C:\WINDOWS\system32\Tools\ChPrio.exe

Then go down to the right and click on the button that says "Restore" then exit the program. If you're unsure of the process, I'm including a link that has a video showing how to do it:

http://helpdesk.malwarebytes.org/ent...rom-quarantine

Then reboot the machine and hopefully this will improve the performance although there are still some issues with malware that can have some effect. Please wait now for Glaswegian to continue this with you.
Robert the Bruce
Member with 844 posts.
THREAD STARTER
 
Join Date: Aug 2006
Location: Glasgow, Scotland
Experience: Beginner
06-May-2012, 10:42 AM #58
OK
OK, I've done that. I'll reboot my computer now but I have a horrible feeling about this. Are you saying that my computer wasn't starting properly and getting stuck on the egg-timer/loading icon because of that false positive?
Cookiegal
Administrator & Malware Removal Specialist with 95,157 posts.
 
Join Date: Aug 2003
06-May-2012, 11:05 AM #59
Yes, because the file was related to a reboot program tied to the motherboard.
Robert the Bruce
Member with 844 posts.
THREAD STARTER
 
Join Date: Aug 2006
Location: Glasgow, Scotland
Experience: Beginner
06-May-2012, 11:18 AM #60
Phew.
OK, here goes.