Screen locked; Bogus Police want £100 !
#16
Posted 24 May 2012 - 08:43 PM
#17
Posted 24 May 2012 - 11:23 PM
There is a second Programs Files on Drive C called Program Files (x86). And a third called Program Data.
But all programs seem to open nicely.
#18
Posted 25 May 2012 - 12:14 AM
You should have a Libraries Folder under Desktop and under that should be folders for Documents, music, video and Pictures. Click on Documents and you should see My Documents and Public Documents. (You will sometimes see shortcuts which when you click on them say access denied. This is normal in Win 7
Are you able to open old documents,and pictures?
#19
Posted 26 May 2012 - 10:12 PM
Secondly, I have opened my Security Essentials window and I can see that it spotted three trojan horses a few days ago (23/05/2012). I thought maybe these may be relevant, maybe not. They are: Win64/Sirfef.Y Medfos.A and Sirfef.P
My Malwarebytes is still stopping something from happening. "Successfully blocked access to a potentally harmful website: 66.150.14.111 Type:Outgoing.
Thanks for your help, so far.
#20
Posted 26 May 2012 - 11:23 PM
# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
Let's also try the bitdefender quickscan.
http://quickscan.bitdefender.com/
When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).
#21
Posted 27 May 2012 - 04:32 AM
C:\Program Files (x86)\Windows iLivid Toolbar\del_DM_DLL_73.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\del_DM_EXE_47.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\del_IEBHO_65.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\BrowserConnection.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\DnsBHO.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Erin\AppData\Roaming\xkpoe\start.exe.vir
#22
Posted 27 May 2012 - 09:18 AM
Is MBAM still complaining about the 66.150.14.111 connection? If so run OTL again, Quickscan and post the log.
Download SubInACL.exe
http://www.microsoft...&displaylang=en
By default it installs the tool in C:\Program Files\Windows Resource Kits\Tools\
Please allow it to do so.
Download and Save the attached file, reset.zip, right click on it and Extract all and copy the reset.cmd file to C:\Program Files\Windows Resource Kits\Tools\.
Start, Run, cmd, OK Type with an ENter after each line:
cd "\Program Files\Windows Resource Kits\Tools" reset.cmd
Copy the next line:
dir /a /s %USERPROFILE%\Documents > \junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
then type:
notepad \junk.txt
Copy and Paste the text from notepad to your next reply. If the file is to big then attach it.
#23
Posted 27 May 2012 - 10:37 PM
Scan time:00:04:56 Files per second:4 Skipped items:0 Password-protected items:0 Over-compressed items:0 Scanned archives:0 Input-output errors:0 Scanned boot sectors:0 Scanned processes:0 Infected processes:0 Scanned registry keys:0 Infected registry keys:0 Scanned cookies:0 Infected cookies:0
Is MBAM still complaining about the 66.150.14.111 connection? No. Well done and thanks!
Re:
cd "\Program Files\Windows Resource Kits\Tools"
reset.cmd
The default went to Program files (x64), so I copied them to Program Files.
On reset.cmd a message came up: reset.cmd is not recognised as an internal or external command.
Await further instructions.
#24
Posted 27 May 2012 - 11:10 PM
cd "\Program files (x64)\Windows Resource Kits\Tools"
reset.cmd
#25
Posted 31 May 2012 - 10:19 PM
#26
Posted 31 May 2012 - 11:26 PM
Can you right click on it and select Properties?
If so click on Restore Defaults if the option is available. If the option for Security is available then click on it and then on Advanced then on Owner. You should be the current owner. If not then Change Owner to: yourself. Then OK. Make sure that you have full control checked in the bottom panel.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
cd \
dir /a /s *documents* > \junk.txt
(this will take a few minutes to finish)
notepad \junk.txt
Copy and paste the text from notepad into a reply.
#27
Posted 01 June 2012 - 03:14 PM
Volume in drive C is Local Disk
Volume Serial Number is C4E5-30AA
Directory of C:\
14/07/2009 06:08 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Bitdefender\Bitdefender 2012\Skin\images\common
14/10/2011 23:59 874 is_icon_documents.png
1 File(s) 874 bytes
Directory of C:\ProgramData
14/07/2009 06:08 <JUNCTION> Documents [C:\Users\Public\Documents]
0 File(s) 0 bytes
Directory of C:\Qoobox\Quarantine\C\Users\Erin
24/05/2012 10:05 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 06:08 <JUNCTION> Documents [C:\Users\Public\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 06:08 <DIR> Documents
14/07/2009 06:08 <JUNCTION> My Documents [C:\Users\Default\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Erin
24/05/2012 10:05 <DIR> Documents
09/10/2011 14:05 <JUNCTION> My Documents [C:\Users\Erin\Documents]
0 File(s) 0 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Libraries
21/02/2012 17:58 8,097 Documents.library-ms
1 File(s) 8,097 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Recent
11/05/2012 21:11 586 Documents.lnk
1 File(s) 586 bytes
Directory of C:\Users\Erin\AppData\Roaming\Microsoft\Windows\SendTo
09/10/2011 14:12 0 Documents.mydocs
1 File(s) 0 bytes
Directory of C:\Users\Public
06/07/2011 09:14 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\LocalService
14/07/2009 05:45 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host
11/11/2011 16:29 <DIR> Description Documents
0 File(s) 0 bytes
Directory of C:\Windows\ServiceProfiles\NetworkService
14/07/2009 05:45 <DIR> Documents
0 File(s) 0 bytes
Directory of C:\Windows\System32\migwiz\PostMigRes\Web\base_images
10/06/2009 22:05 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\System32\wdi\perftrack
13/07/2009 21:53 13,013 Microsoft-Windows-Documents-Events.ptxml
1 File(s) 13,013 bytes
Directory of C:\Windows\SysWOW64\migwiz\PostMigRes\Web\base_images
10/06/2009 22:43 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\winsxs
14/07/2009 04:20 <DIR> amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4
13/07/2009 21:53 13,013 Microsoft-Windows-Documents-Events.ptxml
1 File(s) 13,013 bytes
Directory of C:\Windows\winsxs\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_18a11c58aaf4d08c
10/06/2009 22:05 1,154 Documents.gif
1 File(s) 1,154 bytes
Directory of C:\Windows\winsxs\Manifests
14/07/2009 03:27 108,322 amd64_microsoft-windows-documents-performance_31bf3856ad364e35_6.1.7600.16385_none_3cdadc249cb267a4.manifest
1 File(s) 108,322 bytes
Directory of C:\Windows\winsxs\wow64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.1.7601.17514_none_22f5c6aadf559287
10/06/2009 22:43 1,154 Documents.gif
1 File(s) 1,154 bytes
Total Files Listed:
11 File(s) 148,521 bytes
13 Dir(s) 405,433,692,160 bytes free
#28
Posted 05 June 2012 - 11:09 PM
#29
Posted 15 June 2012 - 12:01 AM
Did you do this:
Can you right click on it and select Properties?
If so click on Restore Defaults if the option is available. If the option for Security is available then click on it and then on Advanced then on Owner. You should be the current owner. If not then Change Owner to: yourself. Then OK. Make sure that you have full control checked in the bottom panel.
What happens?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users