Computer acts infected [Solved]


#16
DanoNH
    Trusted Helper
  • Malware Removal
  • 2,155 posts

And you can get lint stuck in the optical area of the mouse, as well as in the scroll wheel area.  Been there, done that... :D




#17
eles
    Member
  • Topic Starter
  • 33 posts

My apologies - I thought that entire post was for Christian.
Optical area of mouse was also clean.

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-08-18 17:32:32
-----------------------------
17:32:32.371    OS Version: Windows 6.1.7601 Service Pack 1
17:32:32.371    Number of processors: 2 586 0xF02
17:32:32.386    ComputerName: JOANNS_LAPTOP  UserName: Jo Ann
17:33:03.415    Initialize success
17:33:03.664    VM: initialized successfully
17:33:03.664    VM: Intel CPU virtualization not supported
17:37:59.422    AVAST engine defs: 15081700
17:39:23.974    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:39:23.974    Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC7DP Size: 152627MB BusType: 3
17:39:24.192    Disk 0 MBR read successfully
17:39:24.192    Disk 0 MBR scan
17:39:24.208    Disk 0 Windows 7 default MBR code
17:39:24.239    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
17:39:24.255    Disk 0 Partition 2 80 (A) 07      HPFS/NTFS NTFS       151126 MB offset 3074048
17:39:24.286    Disk 0 default boot code
17:39:24.301    Disk 0 scanning sectors +312580096
17:39:24.426    Disk 0 scanning C:\Windows\system32\drivers
17:39:41.415    Service scanning
17:40:28.964    Service WRkrn C:\Windows\System32\drivers\WRkrn.sys **LOCKED** 32
17:40:31.865    Modules scanning
17:40:31.881    Disk 0 trace - called modules:
17:40:31.912    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
17:40:31.928    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86640030]
17:40:31.959    3 CLASSPNP.SYS[8a28059e] -> nt!IofCallDriver -> [0x865374d8]
17:40:31.974    5 ACPI.sys[841df3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858a5610]
17:40:32.864    AVAST engine scan C:\Windows
17:40:38.136    AVAST engine scan C:\Windows\system32
17:45:57.563    AVAST engine scan C:\Windows\system32\drivers
17:46:20.697    AVAST engine scan C:\Users\Jo Ann
17:50:27.817    AVAST engine scan C:\ProgramData
17:54:26.030    Disk 0 statistics 2926553/0/0 @ 2.61 MB/s
17:54:26.061    Scan finished successfully
17:57:34.494    Disk 0 MBR has been saved successfully to "C:\Users\Jo Ann\Desktop\MBR.dat"
17:57:34.509    The log file has been saved successfully to "C:\Users\Jo Ann\Desktop\aswMBR.txt"
 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

Fix result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Jo Ann (2015-08-18 18:16:05) Run:3
Running from C:\Users\Jo Ann\Desktop
Loaded Profiles: Jo Ann (Available Profiles: Jo Ann)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\SharedTools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\SharedTools\MSConfig\startupfolder" /F
C:\ProgramData\IObit\ASCDownloader
C:\Users\All Users\IObit\ASCDownloader
C:\Users\Jo Ann\Downloads\advanced-systemcare-setup.exe
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
Restore point was successfully created.

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.
========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========

The operation completed successfully.
========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.
========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.
========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\SharedTools\MSConfig\startupfolder" /F =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\SharedTools\MSConfig\startupfolder" /F =========

The operation completed successfully.
========= End of Reg: =========

C:\ProgramData\IObit\ASCDownloader => moved successfully.
"C:\Users\All Users\IObit\ASCDownloader" => File/Folder not found.
"C:\Users\Jo Ann\Downloads\advanced-systemcare-setup.exe" => File/Folder not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


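The aswMBR lines in the log above (partition type, active flag, size, offset, and the sector count it scans past the last partition) are read straight from the disk's partition table in the first sector. As an added example, not part of the original post or of aswMBR, this Python parser reads a 512-byte MBR, checks the boot signature, lists the partitions in the same shape as the log, and flags overlapping entries; the sector is constructed to match this log, and the type-name table is a small subset.

```python
"""Parse a 512-byte MBR the way a boot-sector scanner reports it (constructed
example, not aswMBR's code): type, active flag, size in MB, starting LBA."""
import struct

SECTOR = 512
TABLE_OFFSET = 446                        # four 16-byte entries follow the boot code
BOOT_SIG = b"\x55\xaa"                    # last two bytes of every valid MBR
SECTORS_PER_MB = 1024 * 1024 // SECTOR    # 2048
# Small subset of partition type codes, named the way scanners print them.
TYPE_NAMES = {0x07: "HPFS/NTFS", 0x27: "Hidden NTFS WinRE", 0x0C: "W95 FAT32 (LBA)"}

def parse_mbr(sector: bytes) -> dict:
    """Return the non-empty partition entries and the first LBA past them."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status, 3 CHS bytes (ignored), type, 3 CHS bytes (ignored), LBA, count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0:
            continue                                   # empty slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "unknown"),
                      "lba": lba, "sectors": count, "mb": count // SECTORS_PER_MB})
    # Ranges must not overlap; a scanner also looks at the sectors past the last one.
    ranges = sorted((p["lba"], p["lba"] + p["sectors"]) for p in parts)
    overlap = any(ranges[k][1] > ranges[k + 1][0] for k in range(len(ranges) - 1))
    end_lba = max((hi for _, hi in ranges), default=0)
    return {"partitions": parts, "overlap": overlap, "end_lba": end_lba}

def describe(p: dict) -> str:
    """One line per partition, in the same shape as the scanner log."""
    flag = "80 (A)" if p["active"] else "00    "
    return (f"Partition {p['index']} {flag} {p['type']:02X} {p['name']:<18} "
            f"{p['mb']:>8} MB offset {p['lba']}")

def _entry(status: int, ptype: int, lba: int, count: int) -> bytes:
    return struct.pack("<B3xB3xII", status, ptype, lba, count)

# Constructed sector reproducing the layout in the log: a 1500 MB hidden WinRE
# partition at LBA 2048 and an active 151126 MB NTFS partition right after it.
SAMPLE_MBR = (bytes(TABLE_OFFSET)
              + _entry(0x00, 0x27, 2048, 1500 * SECTORS_PER_MB)
              + _entry(0x80, 0x07, 3074048, 151126 * SECTORS_PER_MB)
              + bytes(32) + BOOT_SIG)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    for p in info["partitions"]:
        print(describe(p))
    print("overlap:", info["overlap"], "first sector past last partition:", info["end_lba"])
```

The computed end sector, 312580096, is the same figure aswMBR prints as the start of its "scanning sectors" pass, which is where a bootkit's hidden payload would have to live on this disk.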

#18
DanoNH
    Trusted Helper
  • Malware Removal
  • 2,155 posts

No worries, and thanks for the logs.  :D 

 

At this point, it looks like your mouse is likely the culprit, whether it's wireless interference with another device, or the mouse itself.  Wireless B and G routers and other devices operate in the same frequency range of 2.4GHz, so make sure the mouse receiver is away from any such components. 

 

If you would like help troubleshooting further for any hardware issues, stop by our Hardware, Components and Peripherals forum.  :)

 

A couple of quick things to cover here:

  • Please be advised that your version of Internet Explorer is outdated (Version 9), so be sure to update it as explained below.  The latest is Version 11 right now.
  • You should also read the CryptoLocker Warning section to learn how to help protect your system and data from possible damage from this horrible malware.

 

Everything looks good in your logs here, so I'm happy to tell you:

Congratulations, your log is clean! :thumbsup:

Now, let's cover some additional steps to clean up your computer and help you avoid getting infected again...

Tools Cleanup and Housekeeping
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Tool Removal
We need to remove the tools we've used during cleaning your machine

  • Download DelFix from here
  • Ensure Remove disinfection tools is ticked
  • Also check these options:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log.

Please paste the log in your next reply, and delete any logs that you have left over on your desktop.

Now let's take a few preventative measures to reduce the risk of further infections. :cool:

Automatic Updates for Windows 7
Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 7

Keep Java Updated
Warning: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser).

If you do need to keep Java then download JavaRa.
Run the program and select Remove Java Runtime.  Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version.

Web Browser security
Most malware is exploiting Internet Explorer's vulnerabilities, with Firefox you will likely be more secure.

Note: If you are going to use Firefox, I would suggest the use of these add-ons:

  • NoScript - for blocking ads and other potential website attacks.
  • AdBlock Plus - block annoying ads that cost you expensive bandwidth, with the added benefit of faster page loading.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

Other Program updates
If you use any Adobe programs, make sure to keep them updated.  Best of all, the updates are FREE.
Note: Make sure to uncheck the check box labelled "Yes, install McAfee Security Scan Plus - optional", or any other optional "features".

Anti Virus Programs
On to personal Anti Virus programs. One AV is a must-have, but never more than one, as this can and will cause conflicts, system slow-downs, and false readings.

If you wish to keep using your current program, Webroot, always make sure it is up to date and enabled.

These FREE ones are as good as any paid subscription AV, as long as you allow them to update themselves:

Anti Spyware Programs
You already have an excellent preventative program that will help to keep the nasties away - Malwarebytes Anti-Malware.  I would advise running this at least once a month.  If you need to download it again, you can get it from here:

Malwarebytes Anti-Malware

Instant Messengers
Almost done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

File/System Cleaners
Finally, it is a good idea to clear out all your temp files every now and again. This will help keep your computer running optimally. It can detect registry errors, missing shortcuts, invalid files, etc. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

CryptoLocker Warning
CryptoLocker is a particularly nasty infection which is becoming more prevalent...
 
Go here for information about CryptoLocker Ransomware. Learning about what is out there may help you prevent infection. The best protection against this infection is to backup your files often. If you're using an external drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever have the frustrating experience of contracting it.
 
It is suggested to download and install CryptoPrevent, which is free for home use. It will help prevent CryptoLocker and other similar infections.

Further Reading
Here are some articles that are must reads and should be read by everybody in your household that uses the Internet:

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this excellent article, originally written by Tony Klein, and updated by SpySentinel.

I will keep this log open for the next couple of days, so if you have any further problems, you can post another reply here.

OK, happy computing, and stay safe! :cool:

Please reply again to this thread to acknowledge you have read my last post.  If you have no further questions, this thread will be closed to prevent others from posting here.

Thanks!



#19
eles
    Member
  • Topic Starter
  • 33 posts

Ran Delfix - acted like nothing happened. No running screen came up.
Checked properties - was in XP compatibility mode - changed to W7
Ran Delfix again - acted like nothing happened.
No log, all the programs and their logs are still on the desktop, still many restore points.
Tried to find a web reference to where it puts its log and only found that an admin must run.
The user id I use has admin rights.
I started it again from an elevated prompt.
It cleared all the previous restore points. End of disinfection was now the only restore point. Yea!
All the programs and files were still on the desktop and still no log.
UAC didn't question my invoking regedit.
Couldn't find the registry backup.

Moving on to the rest of the list.


Edited by Eles, 19 August 2015 - 03:54 PM.


#20
DanoNH
    Trusted Helper
  • Malware Removal
  • 2,155 posts

OK, regarding DelFix, from what location did you run it? 

 

And could you try to disable your Webroot software and try again please?  It could be blocking DelFix.



#21
eles
    Member
  • Topic Starter
  • 33 posts

I answered this before I read your last post.

I ran DelFix from the desktop.

 

Turns out DelFix requires a restart to finish the job.
----------------------------------------------------------
Tried to run JavaRa from an elevated prompt from the desktop icon and got:
Windows cannot find 'C:\Users\Jo Ann\Desktop\JavaRa.exe'.
Make sure you typed the name correctly, and then try again.

Tried everything I could think of - could not get it to run.

Turns out that JavaRa needs a definition file in the same folder and ran perfectly from a non desktop folder.

----------------------------------------------------------

Tried to run TFC from an elevated prompt from the desktop icon and got the same initial response as JavaRa.
Ended up successfully running it from a non desktop folder.

----------------------------------------------------------

In the beginning, you had me uninstall YTD Video Downloader.
Can you recommend some other freeware to capture streaming videos?

 

Thanx for all your help - you did an excellent job.

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# DelFix v1.011 - Logfile created 19/08/2015 at 15:24:22
# Updated 18/08/2015 by Xplode
# Username : Jo Ann - JOANNS_LAPTOP
# Operating System : Windows 7 Ultimate  (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #163 [Revo Uninstaller's restore point - MakeMKV v1.8.6 | 08/12/2015 23:57:33]
Deleted : RP #165 [Revo Uninstaller's restore point - Recuva | 08/13/2015 00:02:20]
Deleted : RP #167 [Revo Uninstaller's restore point - smartmontools | 08/13/2015 00:05:59]
Deleted : RP #169 [Revo Uninstaller's restore point - VirtualCloneDrive | 08/13/2015 00:08:43]
Deleted : RP #171 [Revo Uninstaller's restore point - Marvell Miniport Driver | 08/13/2015 00:12:12]
Deleted : RP #172 [Removed Marvell Miniport Driver | 08/13/2015 00:12:34]
Deleted : RP #174 [Revo Uninstaller's restore point - Microsoft Sync Framework 2.0 Core Components (x86) ENU  | 08/13/2015 00:15:51]
Deleted : RP #175 [Removed Microsoft Sync Framework 2.0 Core Components (x86) ENU  | 08/13/2015 00:16:22]
Deleted : RP #177 [Revo Uninstaller's restore point - Microsoft Sync Framework 2.0 Provider Services (x86) ENU  | 08/13/2015 00:20:11]
Deleted : RP #178 [Removed Microsoft Sync Framework 2.0 Provider Services (x86) ENU  | 08/13/2015 00:20:52]
Deleted : RP #180 [Revo Uninstaller's restore point - K-Lite Codec Pack 7.0.0 (Standard) | 08/13/2015 00:30:41]
Deleted : RP #182 [Revo Uninstaller's restore point - SAMSUNG USB Driver for Mobile Phones | 08/13/2015 01:11:39]
Deleted : RP #183 [Windows Update | 08/15/2015 22:01:06]
Deleted : RP #184 [Installed Microsoft Fix it 50267 | 08/16/2015 02:42:57]
Deleted : RP #186 [Revo Uninstaller's restore point - YTD Video Downloader 4.9.1 | 08/16/2015 18:28:47]
Deleted : RP #188 [Restore Point Created by FRST | 08/16/2015 19:23:36]
Deleted : RP #189 [JRT Pre-Junkware Removal | 08/16/2015 19:39:26]
Deleted : RP #190 [JRT Pre-Junkware Removal | 08/17/2015 01:21:41]
Deleted : RP #192 [Restore Point Created by FRST | 08/19/2015 00:16:22]

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



#22
DanoNH
    Trusted Helper
  • Malware Removal
  • 2,155 posts

Thank you.  As far as YTD Video Downloader, I have used Video Download Helper myself (Firefox extension), but it's been a while and I'm not sure of the ratings these days.  It may take a little getting used to as well.

 

Let me know whether or not you have any more questions and I'll close the thread to prevent responses from others here.

 

Dan :)



#23
eles
    Member
  • Topic Starter
  • 33 posts

Thanx Dan,
You did a wonderful, professional job - and quickly.
For someone that's not easily impressed (me), I am truly pleased and impressed.
Thank you again,
Larry



#24
DanoNH
    Trusted Helper
  • Malware Removal
  • 2,155 posts

You're welcome.  Thanks for the compliments.  :D

 

 

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

