
Can't get rid of Adware

Discussion in 'Virus & Other Malware Removal' started by Robert the Bruce, May 2, 2012.

Thread Status:
Not open for further replies.
  1. Robert the Bruce

    Robert the Bruce Thread Starter

    ComboFix 12-05-05.05 - Rowe 05/05/2012 17:02:00.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1451 [GMT 1:00]
    Running from: c:\documents and settings\Rowe\My Documents\ComboFix.exe
    Command switches used :: c:\documents and settings\Rowe\My Documents\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Rowe\Application Data\inst.exe
    c:\documents and settings\Rowe\Application Data\PriceGong
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Rowe\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Rowe\Application Data\vso_ts_preview.xml
    c:\documents and settings\Rowe\GoToAssistDownloadHelper.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\NEW37.tmp
    c:\windows\system32\NEW45.tmp
    c:\windows\system32\NEW46.tmp
    c:\windows\system32\roboot.exe
    c:\windows\system32\SETA0.tmp
    c:\windows\system32\SETAC.tmp
    c:\windows\system32\SETF4.tmp
    E:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-05 13:49 . 2012-04-12 23:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E24263AB-CA96-4358-A6B3-A85D436EA6D9}\mpengine.dll
    2012-05-04 10:21 . 2012-04-12 23:36 6734704 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-05-02 14:39 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-02 14:37 . 2012-05-02 14:38 -------- d-----w- c:\program files\Microsoft Security Client
    2012-05-02 14:26 . 2012-05-02 14:26 10288512 ----a-w- c:\program files\mseinstall.exe
    2012-05-02 14:17 . 2012-05-02 14:17 -------- dc----w- c:\documents and settings\All Users\Uniblue
    2012-04-26 18:50 . 2012-04-26 18:50 -------- d-----w- c:\documents and settings\Rowe\Application Data\ElevatedDiagnostics
    2012-04-16 18:18 . 2012-04-18 06:35 -------- d-----w- c:\documents and settings\Rowe\Local Settings\Application Data\LogMeIn Rescue Applet
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-04 19:47 . 2012-04-03 09:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 19:47 . 2011-05-18 16:34 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-02 20:47 . 2012-04-02 20:47 25685128 ----a-w- c:\program files\wordview_en-us.exe
    2012-03-20 19:44 . 2012-03-20 19:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-03-02 17:33 . 2012-03-02 17:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-02 17:33 . 2010-06-05 09:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:01 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 23:58 . 2011-09-29 16:45 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-29 23:58 . 2011-09-29 16:45 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-29 23:58 . 2010-06-03 16:07 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-29 23:58 . 2010-06-03 16:07 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-29 23:58 . 2010-06-03 16:07 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-29 23:58 . 2010-06-03 16:07 5918720 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-29 23:58 . 2010-06-03 16:07 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-29 23:58 . 2006-10-29 15:16 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
    2012-02-29 23:58 . 2006-10-29 15:16 2291712 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-29 23:58 . 2006-10-29 15:16 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2012-02-29 23:58 . 2006-10-29 15:16 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
    2012-02-29 20:30 . 2010-04-03 18:22 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2012-02-29 20:30 . 2010-04-03 18:23 15494464 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-29 20:30 . 2010-04-03 18:23 143680 ----a-w- c:\windows\system32\nvcolor.exe
    2012-02-29 20:30 . 2010-04-03 18:23 164160 ----a-w- c:\windows\system32\nvsvc32.exe
    2012-02-29 20:30 . 2010-04-03 18:23 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2003-08-27 13:19 . 2010-06-02 20:34 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-05_13.39.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-05-05 15:59 . 2012-05-05 15:59 16384 c:\windows\Temp\Perflib_Perfdata_88.dat
    + 2012-05-05 15:59 . 2012-05-05 15:59 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
    + 2004-08-04 12:00 . 2012-05-05 16:03 67862 c:\windows\system32\perfc009.dat
    - 2004-08-04 12:00 . 2012-05-05 12:39 67862 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2012-05-05 16:03 433098 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2012-05-05 12:39 433098 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-15 39408]
    "Akamai NetSession Interface"="c:\documents and settings\Rowe\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EPSON Stylus Photo R800"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9YE.EXE" [2005-01-13 98304]
    "RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-04 273528]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
    "NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    VideoCam Suite.lnk - c:\program files\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-8-12 349584]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reboot.exe]
    backup=c:\windows\pss\Reboot.exeCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2006-07-31 10:45 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
    2003-08-27 13:20 94208 ----a-r- c:\windows\SM1bg.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Rowe\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1056:TCP"= 1056:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [04/08/2004 13:00 14336]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [21/02/2012 21:15 2348352]
    R3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [02/06/2010 13:12 372480]
    S1 bhjavovc;bhjavovc;\??\c:\windows\system32\drivers\bhjavovc.sys --> c:\windows\system32\drivers\bhjavovc.sys [?]
    S1 enrdtbrw;enrdtbrw;\??\c:\windows\system32\drivers\enrdtbrw.sys --> c:\windows\system32\drivers\enrdtbrw.sys [?]
    S1 fctzjrqs;fctzjrqs;\??\c:\windows\system32\drivers\fctzjrqs.sys --> c:\windows\system32\drivers\fctzjrqs.sys [?]
    S1 fejhjcvg;fejhjcvg;\??\c:\windows\system32\drivers\fejhjcvg.sys --> c:\windows\system32\drivers\fejhjcvg.sys [?]
    S1 jmusqmwj;jmusqmwj;\??\c:\windows\system32\drivers\jmusqmwj.sys --> c:\windows\system32\drivers\jmusqmwj.sys [?]
    S1 nxkrioic;nxkrioic;\??\c:\windows\system32\drivers\nxkrioic.sys --> c:\windows\system32\drivers\nxkrioic.sys [?]
    S2 bwcdrv;bwcdrv;c:\windows\system32\drivers\BWCDRV.SYS [21/12/2003 09:21 19840]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2010 23:20 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [03/04/2012 10:44 257696]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/06/2010 16:12 1684736]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2010 23:20 136176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:47]
    .
    2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 22:20]
    .
    2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 22:20]
    .
    2012-05-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
    .
    2012-05-05 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]
    .
    2012-05-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-861567501-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
    .
    2012-05-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-861567501-725345543-1004.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 13:40]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-05 17:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_6c825ce.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\08\00\1c\0b4;?"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(812)
    c:\windows\system32\msv1_0.dll
    .
    Completion time: 2012-05-05 17:10:06
    ComboFix-quarantined-files.txt 2012-05-05 16:10
    ComboFix2.txt 2012-05-05 13:41
    .
    Pre-Run: 57,460,260,864 bytes free
    Post-Run: 57,490,661,376 bytes free
    .
    - - End Of File - - E8CDD58287DFCFDC3760FD3878D41FB4
     
  2. Glaswegian

    Glaswegian Malware Specialist

    Hi

    No need to go back to Virustotal - I found the file details using one of the identifiers in the log you posted - the file was clean.

    Once you have posted the Malwarebytes scan results I'll post further instructions.
     
  3. Robert the Bruce

    Robert the Bruce Thread Starter

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.05.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Rowe :: ROWE-B1115B646A [administrator]

    Protection: Enabled

    05/05/2012 17:33:19
    mbam-log-2012-05-05 (17-33-19).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 291351
    Time elapsed: 47 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\WINDOWS\system32\Tools\ChPrio.exe (Spyware.Password) -> Quarantined and deleted successfully.

    (end)

    I'm pissed off to say the least. This is the 6th attempt at getting back on here. After the Malware scan I restarted my computer. It froze after start-up. As soon as I tried to do anything the screen either froze or I was left with the egg-timer icon. This happened a further 5 times. Why? Why wasn't I told that this might happen?
     
  4. Robert the Bruce

    Robert the Bruce Thread Starter

    I'm now starting to feel a little disconcerted. Lack of replies to my last post is leaving me with a feeling of helplessness. Switching on my computer to-day I had the same problem. After start-up my computer freezes and I'm left with an egg-timer (loading) icon. Microsoft Essentials icon on the taskbar is RED at this point. I had to press the restart button on the front of my computer and just hope for the best.
    What worries me most is the fact that I lost my job recently and so can't afford computer repairs or a new computer, moreover I need the computer to look for a job. Where are you?
     
  5. Robert the Bruce

    Robert the Bruce Thread Starter

    After switching on my computer both yesterday and to-day I found that my computer screen once started up tends to freeze. I'm left with the loading egg-timer icon. My Microsoft Essentials icon on the taskbar is red at this point. I'm forced to press the restart button at the front of my computer in order to re-start and then hope for the best.
    This new problem only started after, see thread here http://forums.techguy.org/virus-other-malware-removal/1051715-cant-get-rid-adware-4.html#post8345263.
    I lost my job recently and so cannot afford repairs or a new computer. Moreover, I need my computer to look for a job. One problem has led straight into another. What happened?
     
  6. Drabdr

    Drabdr Moderator

    Robert the Bruce,

    I have merged the information from the thread you just started into one thread. Please do not start duplicate threads on the same subject.

    Please be patient with the helpers.
     
  7. LauraMJ

    LauraMJ Administrator

    Did you happen to notice the size of the logs and information you are giving your helper? EACH AND EVERY single line of those logs has to be researched and analyzed in order to give YOU the highest quality help and instructions and to provide YOU with as much protection and care for YOUR computer as possible. ALL OF THIS is done without asking for any pay or even really any thanks.

    It would be just a bit nice if you would show just a small amount of gratitude and patience for someone's extreme attention to detail and hard work.......all for YOUR benefit.....and wait until they have had time to analyze and research YOUR problems.
     
  8. Robert the Bruce

    Robert the Bruce Thread Starter

    All I know is my computer could be on the verge of breaking down entirely, and me with it through no fault of my own. I'm well aware those guys do a good job and if I knew as much about computers as they do I also would be helping other folk. I'm sure you understand that as far as I knew my computer was almost fixed, and now this. Thing is, now my computer has another problem and that was AFTER following instructions. I just can't understand why I wasn't told this might happen and what to do if it did. I just hope they haven't given up on me. I'll try to be patient but I hope you can understand my desperation. :)
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    I believe a false positive detection by MalwareBytes (and subsequent file quarantine) is responsible for the problems you're currently experiencing. MalwareBytes is an excellent program and false detections do occur with EVERY security program at times. That is why we always recommend that default action be set to quarantine rather than remove or delete so that things can be restored, if necessary. Unfortunately, false detections are impossible for any malware removal specialist to foresee.

    I am in the process of verifying this with the developers of MalwareBytes. If I'm correct then we can restore the file. Please bear with us and do not attempt to restore the file until we hear back from them. They may need something from you in order to verify the integrity of this particular file and/or why it was detected and we would appreciate your patience and cooperation in that regard. :)
     
  10. LauraMJ

    LauraMJ Administrator

    Desperation is one thing (and pretty normal here, I might add), rudeness, impatience, cursing at helpers (like wtf in an earlier post) is quite another and is really not acceptable. While you may realize it because of your desperation, some of your posts have not been very polite, or even nice. So as far as your comment to "back off" is concerned--It's my job here as Administrator to bring that to a poster's attention and insist on civility and politeness with helpers. We all understand your desperation and confusion....the vast majority of posters here are in the same boat as you. You are not the first, nor will you be the last to be worried and concerned about your computer. However, from here on out, I suggest you take a deep breath and try to create posts that ask questions in a polite and patient manner.
    I'm not sure why you thought that, as Glaswegian seemed rather clear that you had multiple problems yet to be fixed. :confused: At any rate, it would probably be helpful if you ask your helper that sort of thing as they can give you a clearer estimation of how close to being fixed it is. :)
     
  11. Robert the Bruce

    Robert the Bruce Thread Starter

    OK, points taken.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    It has been confirmed to me that it was indeed a false positive and will be fixed in the next update. The developers are very quick to address such things, I might add. As I'm not sure when the next update comes out and you seem to have downloaded the trial version of MalwareBytes rather than the free version, should a detection pop up again on this same file do not allow MBAM to quarantine it (tell it to ignore).

    So please open the MalwareBytes program and click on the Quarantine tab. There should be two items in there but ONLY one is a false positive so please highlight ONLY the following entry:

    C:\WINDOWS\system32\Tools\ChPrio.exe

    Then go down to the right and click on the button that says "Restore" then exit the program. If you're unsure of the process, I'm including a link that has a video showing how to do it:

    http://helpdesk.malwarebytes.org/entries/20849911-how-to-restore-items-from-quarantine

    Then reboot the machine and hopefully this will improve the performance although there are still some issues with malware that can have some effect. Please wait now for Glaswegian to continue this with you. :)
     
  13. Robert the Bruce

    Robert the Bruce Thread Starter

    OK I've done that. I'll reboot my computer now but I have a horrible feeling about this. Are you saying that my computer wasn't starting properly and getting stuck on the egg-timer/loading icon because of that false positive?
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Yes, because the file was related to a reboot program tied to the motherboard.
     
  15. Robert the Bruce

    Robert the Bruce Thread Starter

    OK, here goes.
     

Short URL to this thread: https://techguy.org/1051715