[dragues]

Hi, step 1 and 2 done.  I chose Microsoft Security Essentials. Also, I performed a quick scan and no threats were found. Thank you.

[Advertisements]

Excellent. Would you mind trying the Rootkit Scan again? I'm curious if it still crashes when trying to run it. Thanks.

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

[BrianDrab]

Excellent. Would you mind trying the Rootkit Scan again? I'm curious if it still crashes when trying to run it. Thanks.

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

[dragues]

Hi, I ran Rootkit Scan several times and it still crashes. But I noticed that it always crashs when scanning the same file: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.

[dragues]

Hi, are you still there? hehe

[BrianDrab]

Yes, sorry for the delay. I'll post some final information shortly. Everything working OK correct?

[BrianDrab]

OK! Well done, your computer is clean again!
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.

3. Click Run. Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.

4. Click on Change Settings.

5. Select "Install updates automatically (recommended)" from the Important updates drop-down.

6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
Another alternative and popular software program for keeping your programs current is FileHippo Update Checker. Some people prefer this one.
 
1. Please download FileHippo update checker from here and save to your desktop.
2. Double-click the FHSetup.exe file that was downloaded and accept all the defaults to install the program.
3. The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    Once updates are found you will see information from your task bar as follows. If you click on this informational message you will be take to a website showing the programs

    that you have that are outdated and links will be provided to the updates.

 

 
4. Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to diasble Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 7 Update 67.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.

3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: JavaFX 2.1.1, Java 7 Update 21.
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-7u67-windows-i586.exe or jre-7u67-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the users knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).
 
5. Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06 for example but the major version is just the first number before the period so 11 in this case or XI.
Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader

If your major version matches the major version from Adobe then perform the following steps.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.

If your major version is lower than the major version from Adobe then perform the following steps.
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.

NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

 
6. Antivirus - Preventative
It's critical that you have a reputable antivirus software installed on your machine at all times. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. It's good you have decided to install one.

Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is not actively monitoring your machine so it won't conflict with the Antivirus that you decided to install. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.

 

 

 
OK, all the best, and stay safe!
 
Items for your next post.
1. Contents of the Delfix log.

[dragues]

Hi, here is the log. Thanks again.

 

# DelFix v10.8 - Logfile created 28/09/2014 at 12:19:32

# Updated 29/07/2014 by Xplode

# Username : dragues - DRAGUES-PC

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

 

~ Activating UAC ... OK

 

~ Removing disinfection tools ...

 

Deleted : C:\Qoobox

Deleted : C:\_OTL

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\AdwCleaner[R1].txt

Deleted : C:\AdwCleaner[S1].txt

Deleted : C:\ComboFix.txt

Deleted : C:\log.txt

Deleted : C:\Users\dragues\Desktop\Addition.txt

Deleted : C:\Users\dragues\Desktop\AdwCleaner.exe

Deleted : C:\Users\dragues\Desktop\AdwCleaner[S2].txt

Deleted : C:\Users\dragues\Desktop\aswMBR.exe

Deleted : C:\Users\dragues\Desktop\Extras.Txt

Deleted : C:\Users\dragues\Desktop\Fixlog.txt

Deleted : C:\Users\dragues\Desktop\FRST.txt

Deleted : C:\Users\dragues\Desktop\FRST64.exe

Deleted : C:\Users\dragues\Desktop\JRT.exe

Deleted : C:\Users\dragues\Desktop\OTL.Txt

Deleted : C:\Users\dragues\Desktop\OTL.exe

Deleted : C:\Users\dragues\Desktop\SecurityCheck.exe

Deleted : C:\Users\dragues\Downloads\AdwCleaner.exe

Deleted : C:\Users\dragues\Downloads\aswMBR.exe

Deleted : C:\Users\dragues\Downloads\Extras.Txt

Deleted : C:\Users\dragues\Downloads\FRST64.exe

Deleted : C:\Windows\grep.exe

Deleted : C:\Windows\PEV.exe

Deleted : C:\Windows\NIRCMD.exe

Deleted : C:\Windows\MBR.exe

Deleted : C:\Windows\SED.exe

Deleted : C:\Windows\SWREG.exe

Deleted : C:\Windows\SWSC.exe

Deleted : C:\Windows\SWXCACLS.exe

Deleted : C:\Windows\Zip.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\Swearware

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart

Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys

Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart

Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #260 [Windows Update | 09/20/2014 08:12:50]

Deleted : RP #261 [Dell | 09/20/2014 15:10:19]

Deleted : RP #262 [OTL Restore Point - 21/09/2014 01:51:29 a.m. | 09/21/2014 06:51:34]

Deleted : RP #263 [Windows Update | 09/24/2014 04:28:34]

Deleted : RP #264 [Dell | 09/24/2014 04:54:44]

Deleted : RP #265 [Windows Update | 09/24/2014 04:57:18]

Deleted : RP #266 [DELL | 09/24/2014 05:09:09]

Deleted : RP #267 [Instalado Realtek USB 2.0 Card Reader | 09/24/2014 05:23:13]

Deleted : RP #268 [Instalado Realtek Ethernet Controller All-In-One Windows Driver | 09/24/2014 05:26:06]

Deleted : RP #269 [Software Intel® PROSet/Wireless | 09/24/2014 05:28:21]

Deleted : RP #270 [Instalado Realtek Ethernet Controller All-In-One Windows Driver | 09/24/2014 05:35:42]

Deleted : RP #271 [Instalado Realtek Ethernet Controller All-In-One Windows Driver | 09/24/2014 05:49:06]

Deleted : RP #272 [Windows Update | 09/27/2014 14:58:13]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########

[Dakeyras]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.