[bwing]

I did all that. I right clicked and did "take ownership" . Then I right clicked again, and selected "Send to compressed (zipped) folder" a little gold lock appeared on the icon and it said, "File not found or no read permission."

[Advertisements]

OK rather than do this piecemeal I will run a full repair on the main areas

Download Windows Repair (all in one) from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following items and tick restart system when finished

[Essexboy]

OK rather than do this piecemeal I will run a full repair on the main areas

Download Windows Repair (all in one) from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following items and tick restart system when finished

[bwing]

Here are the minidump files from the 9th.
 Minidump.zip   71.52KB   39 downloads

I ran Security Essentials and Malware tonight thinking everything was good. Pass through Malware, but Security Essentials still found the Trojan.

+ System

- Provider

[ Name] Microsoft Antimalware

- EventID 1011

[ Qualifiers] 0

Level 4

Task 0

Keywords 0x80000000000000

- TimeCreated

[ SystemTime] 2013-01-14T04:12:43.000000000Z

EventRecordID 127571

Channel System

Computer WingGateway

Security


- EventData

%%860
4.1.0522.0





WINGGATEWAY
Cool Lisa
S-1-5-21-913415816-268579895-1557913236-1009
Trojan:JS/Medfos.A
2147655727
5
8
http://go.microsoft....atid=2147655727
file:_C:\Users\Cool Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cjalh8z9.default\Extensions\{d347fc45-6646-43ca-adf7-03f3c49fc9b4}.xpi








Severe
Trojan
AV: 1.141.3825.0, AS: 1.141.3825.0
1.1.9002.0

Edited by bwing, 13 January 2013 - 10:25 PM.

[Essexboy]

OK the blue screens appear to be memory related


Open Memory Diagnostics Tool by clicking the Start button, and then clicking Control Panel.
In the search box, type Memory, and then click Diagnose your computer's memory problems.‌
Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
Choose when to run the tool. I would recommend on next boot



Once done reboot the computer
A memory test will start
Let me know if any errors are reported

NEXT

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

:OTL
[2013/01/09 21:19:43 | 000,002,367 | ---- | M] () (No name found) -- C:\Users\Cool Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cjalh8z9.default\Extensions\{d347fc45-6646-43ca-adf7-03f3c49fc9b4}.xpi

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[bwing]

If did not appear to find any errors in the memory repair. No logs came up, can I find them on the system?

Here is the OTL log.
All processes killed
========== OTL ==========
C:\Users\Cool Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cjalh8z9.default\Extensions\{d347fc45-6646-43ca-adf7-03f3c49fc9b4}.xpi moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Brian wk
->Temp folder emptied: 13209005 bytes
->Temporary Internet Files folder emptied: 249052118 bytes
->Google Chrome cache emptied: 7770662 bytes
->Flash cache emptied: 58770 bytes

User: Cool Lisa
->Temp folder emptied: 40599026 bytes
->Temporary Internet Files folder emptied: 28517102 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 179902278 bytes
->Google Chrome cache emptied: 15874464 bytes
->Flash cache emptied: 60482 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lisa Wing

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Winghome II
->Temp folder emptied: 45047083 bytes
->Temporary Internet Files folder emptied: 7902248 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10113434 bytes
->Google Chrome cache emptied: 7611659 bytes
->Flash cache emptied: 567 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 181760 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 411189421 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 45018850 bytes
RecycleBin emptied: 115423988 bytes

Total Files Cleaned = 1,123.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01142013_201644

Files\Folders moved on Reboot...
C:\Users\Cool Lisa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Essexboy]

There will be no log for the memory check .. Have you had any further blue screens ?

[bwing]

No blue screens since we started the process. Hotmail was causing the problem early on, and I have not had a Blue Screen since we started. Hence, why I thought we were good Sunday night when I checked for the Trojan again. I thought we had corrected everything.

[Essexboy]

Looking at it I missed the FF add on that was the miscreant, but as it has now gone would you be happy for me to tidy up ?

[bwing]

Today's new problem is when I start the computer and open Firefox, it can't find the internet. If I restart the computer, and open Firefox, it starts fine. I've been shutting the computer down when it's not in use, so I've had to start it up a number of times. Each time, it required a restart to find the internet.

Is there and anti malware program we should be running to get rid of this?

[Essexboy]

OK lets check out the internet data

Please download MiniToolBox, save it to your desktop and run it.



Checkmark the following checkboxes:

• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List Winsock Entries
• List last 10 Event Viewer log
• List Installed Programs
• List Devices
• List Users, Partitions and Memory size.
• List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

[bwing]

data removed

Edited by bwing, 17 January 2013 - 10:33 PM.

[Essexboy]

Did you disable your wireless connection ?

Name: 802.11n Wireless LAN Card #2
Description: 802.11n Wireless LAN Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Ralink Technology, Corp.
Service: netr28x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

[bwing]

Yes, we are running on Cat5 cable now.

[Essexboy]

As a test when you boot and go online use IE first to see if that experiences the same problem

[bwing]

I reset the IPv4 information, and it does not appear to have any issues now.

Thanks for your help. Scanned yesterday and did not find anything. Can you help tidy up and let me know what I should be removing from my system, and what I can keep for future use.

Thanks again for all of the help. This has been quite the issue.