
Root.MBR Infection [Solved]


  • This topic is locked

#16
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
I do have Malwarebytes 1.6.0.1 400. However, it does not have that in the Protection or any tab for that matter.
I can uninstall it.
  • 0



#17
CompCav

CompCav

    GeekU Instructor

  • GeekU Moderator
  • 11,168 posts
No need to uninstall as long as that protection is not installed. Just go on with the fix.
  • 0

#18
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
I double checked Malwarebytes per above; nowhere to uncheck. I checked task manager to make sure it wasn't running, it was not.
I ran OTL with the fix rebooted and it froze. Then it shut computer down. Message about Malwarebytes had a problem but it was too quick & I did not read the whole message.

I restarted and could not find the log.

I ran task manager again and I see Malwarebytes running. Is it possible that the settings were kept when it was updated to the current version?

Searched for C:\_OTL\MovedFiles\10072012_211409.log and C:\_OTL\MovedFiles.

No log file (txt), but many others. Rebooted PC, then searched for simply 10072012 and it found the log file.

I will post OTL log anyway then you can tell me what to do next.


Malwarebytes will not open. I uninstalled it.

I now (I don't know really when this occurred as I just noticed) have several directories that are locked and I can't access them. They appear to be duplicates, not sure. They have a little lock on them. My Pictures, Documents and settings etc.




All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71C2BF31-1182-4C1A-99AE-FC9477EB11F6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71C2BF31-1182-4C1A-99AE-FC9477EB11F6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0\ deleted successfully.
C:\Windows\system32\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2\ deleted successfully.
File C:\Windows\SysWOW64\npDeployJava1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-imagesearch-tests folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-imagesearch-lib folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-imagesearch-data folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-lib\windows folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-lib\utils folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-lib\traits folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-lib\tabs folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-lib\events folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-lib\dom folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-lib\content folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-lib folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-api-utils-data folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-addon-kit-lib folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources\jid1-nolwyoe3e3vapg-at-jetpack-addon-kit-data folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\resources folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack\components folder moved successfully.
C:\Users\mom\AppData\Roaming\Mozilla\Firefox\Profiles\tfrji5vx.default\extensions\jid1-NOlwYOe3E3vApg@jetpack folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29209249-d4f2-11e1-9b71-2c4138a9d3fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29209249-d4f2-11e1-9b71-2c4138a9d3fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29209249-d4f2-11e1-9b71-2c4138a9d3fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29209249-d4f2-11e1-9b71-2c4138a9d3fc}\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\mom\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Toolbox folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Startup Manager folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Smart RAM folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\SecurityHoles folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Registrycleaner\backup folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Registrycleaner folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Internet Booster folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Driver Manager\DriverBackup folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Driver Manager folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Disk Cleaner folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\mom\AppData\Roaming\IObit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mom\Desktop\cmd.bat deleted successfully.
C:\Users\mom\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: Guest.mom-HP
->Temp folder emptied: 1152989 bytes
->Temporary Internet Files folder emptied: 41970203 bytes
->Java cache emptied: 1618925 bytes
->FireFox cache emptied: 34678965 bytes
->Google Chrome cache emptied: 78527063 bytes
->Flash cache emptied: 540 bytes

User: KCK
->Temp folder emptied: 15755479 bytes
->Temporary Internet Files folder emptied: 335670548 bytes
->Java cache emptied: 13655362 bytes
->FireFox cache emptied: 120186804 bytes
->Google Chrome cache emptied: 446137254 bytes
->Flash cache emptied: 16382 bytes

User: Kckasu
->Temp folder emptied: 2161997 bytes
->Temporary Internet Files folder emptied: 167964278 bytes
->Java cache emptied: 7677695 bytes
->FireFox cache emptied: 55049313 bytes
->Flash cache emptied: 919 bytes

User: mom
->Temp folder emptied: 71090076 bytes
->Temporary Internet Files folder emptied: 28249291 bytes
->Java cache emptied: 1275310 bytes
->FireFox cache emptied: 118552832 bytes
->Google Chrome cache emptied: 347878589 bytes
->Flash cache emptied: 916 bytes

User: MOM1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mom_2
->Temp folder emptied: 79 bytes
->Temporary Internet Files folder emptied: 586229 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 659198 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 282043 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 453304 bytes

Total Files Cleaned = 1,804.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10072012_211409

Files\Folders moved on Reboot...
C:\Users\mom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#19
CompCav

CompCav

    GeekU Instructor

  • GeekU Moderator
  • 11,168 posts
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Note: If RogueKiller will not run, please try it several times; if it still does not run, rename it winlogon.com and try it several times.
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on ShortcutsFix

  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.
  • 0

#20
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
Should I ignore Comodo? Before the download was finished Comodo was popping up messages of Suspicious files. Same ones as before.

Thank you for your patience!!
  • 0

#21
CompCav

CompCav

    GeekU Instructor

  • GeekU Moderator
  • 11,168 posts
It is a false positive and no problem; better to check :thumbsup:

Regards,

CompCav
  • 0

#22
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
R.K Log#1

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mom [Admin rights]
Mode : Scan -- Date : 10/08/2012 11:02:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] {4036B4AA-9A2F-463F-81E0-669DDB8CA90C} : C:\Windows\system32\pcalua.exe -a C:\Users\mom\Desktop\OldK\kinginstaller.exe -d C:\Users\mom\Desktop\OldK -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS +++++
--- User ---
[MBR] d047a8952a56ab56372b9daabedb3aa6
[BSP] 7811c5c9c4b7ed724ffead6133ed0b7e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 936876 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1918928896 | Size: 16891 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1eccfce6738ba0bf91da9039126128ef
[BSP] cbe8eb4d9390909a2de3d2afab732562 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#23
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
R.K.Log#2

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mom [Admin rights]
Mode : Remove -- Date : 10/08/2012 11:03:41

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] {4036B4AA-9A2F-463F-81E0-669DDB8CA90C} : C:\Windows\system32\pcalua.exe -a C:\Users\mom\Desktop\OldK\kinginstaller.exe -d C:\Users\mom\Desktop\OldK -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

˙ž1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS +++++
--- User ---
[MBR] d047a8952a56ab56372b9daabedb3aa6
[BSP] 7811c5c9c4b7ed724ffead6133ed0b7e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 936876 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1918928896 | Size: 16891 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1eccfce6738ba0bf91da9039126128ef
[BSP] cbe8eb4d9390909a2de3d2afab732562 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#24
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
R.K. Log#3

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mom [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/08/2012 11:04:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 3 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 9 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 164 / Fail 0
My documents: Success 3 / Fail 3
My favorites: Success 1 / Fail 0
My pictures: Success 1 / Fail 0
My music: Success 16 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 276 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[Q:] \Device\SftVol -- 0x3 --> Restored

¤¤¤ Infection : Root.MBR ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#25
CompCav

CompCav

    GeekU Instructor

  • GeekU Moderator
  • 11,168 posts
Are your files and folders back to normal now?
  • 0


#26
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
They seem to be, with the exception of being locked: My Videos, My Pictures, Documents & Settings, and under Users they are locked and duplicated. Mom = User but I have Mom and Mom1 and Mom2
lol arrrrgghh and All Users, Default, Default User, Guest, Guest Mom HP, Kckasu, Kck, & Public.

There should be John-Guest Kck, Kckasu & Mom and Public. I did create another user account and deleted it a while back.
It's possible Comodo locked them down?

Computer is running well. Internet: I pay for 18 Mbps down. Just ran a speed test and I'm getting 20 to 21 Mbps. Last 3 weeks 12 Mbps max.
  • 0

#27
CompCav

CompCav

    GeekU Instructor

  • GeekU Moderator
  • 11,168 posts

They seem to be with the exception of being locked, My Videos, My Pictures,Documents & Settings and under Users they are locked and duplicated.

Can you access them and can you copy them to another place unlocked?
  • 0

#28
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
I can access them now if I switch to each user account; I cannot access them from my Administrator account.

Normally I can access all from my account, but those accounts cannot access mine. I will check the settings to see if something was changed under the share folder part.
  • 0

#29
CompCav

CompCav

    GeekU Instructor

  • GeekU Moderator
  • 11,168 posts
Try the permissions thing; if it is still an issue after we finish cleaning, we will address it. But first let's ensure you are clean, that is the priority!


Step 1.

Click on Start and select Control Panel
Open Add/Remove Programs
Uninstall Malwarebytes' Anti-Malware
Restart your computer (very important)
Download and run mbam-clean.exe from here
It will ask to restart your computer; please allow it to do so (very important)


Step 2.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 3.

Post the log from mbam.
  • 0

#30
Shellsmom

Shellsmom

    Member

  • Member
  • PipPip
  • 25 posts
Ok, that is / was the problem. It probably was Comodo; the settings were changed to Do Not Share on those accounts. I had it set so I could see & access them all before.
  • 0
