[The_Omni]

Oh and welcome back and again thanks for helping

[Advertisements]

I see that you installed Avast. Nice...

Ok. The MBAM log looks good. The folder, C:\Users\All Users\RyMMiLto, is very strange, though I did find one instance online where one of my associates removed the file yet not a similarly strange folder, so I am not only going to remove only that file, yet reset the Windows Firewall with the following commands in the fix, then we will continue from there.

Please download the attached fixlist.txt file and save it to your Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 fixlist.txt   241bytes   130 downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will create a log (Fixlog.txt) on the Desktop. Please post it in your reply.

[DonnaB]

I see that you installed Avast. Nice...

Ok. The MBAM log looks good. The folder, C:\Users\All Users\RyMMiLto, is very strange, though I did find one instance online where one of my associates removed the file yet not a similarly strange folder, so I am not only going to remove only that file, yet reset the Windows Firewall with the following commands in the fix, then we will continue from there.

Please download the attached fixlist.txt file and save it to your Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

 fixlist.txt   241bytes   130 downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will create a log (Fixlog.txt) on the Desktop. Please post it in your reply.

[DonnaB]

Oh and welcome back and again thanks for helping

  Thanks! And you're very welcome!

Isn't this fun!?!   I really do like helping others after a long days work. I find it personally rewarding to say the least!

 

[The_Omni]

Oh when I popped back over, windows killed Malwarebytes again.

 

While I was running FRST fix windows firewall blocked an HP proggy grabbed a screen shot will post when machine reboots. along with new fix log.

 

FYI that malware scan log was from days ago before we started.

[The_Omni]

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2014
Ran by Chilson at 2014-11-12 19:27:39 Run:3
Running from C:\Users\Chilson\Desktop\AAA FRST3
Loaded Profile: Chilson (Available profiles: Chilson & avery)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll
C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll
DeleteQuarantine:
Hosts:
Emptytemp:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
*****************

"C:\Users\All Users\RyMMiLto\dat\rFBLfkuqsTj.dll" => File/Directory not found.
"C:\Users\All Users\RyMMiLto\dat\yOefCIVAJW.dll" => File/Directory not found.
"C:\FRST\Quarantine" => Removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 17.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Attached Thumbnails

• 

[DonnaB]

Photosmart is an HP program and since it is in the HP folder, I wouldn't worry about it. It appears that since I reset the firewall, the program might have tried to access the HP network to get an update to the software. You can click on the unblock button if you like.

I see that folder was not found by my FRST fix to be removed. I'll look into why. Could be nothing but I want to make sure.

Security Check did find some programs that are outdated. Let's get them updated.

Out of date Adobe Reader installed!
Your Adobe reader needs updating. You should ensure you use the latest Adobe Reader and install any security updates that are released. You can download the latest reader and updates from here, though be very careful to uncheck the option to install McAfee Security Scan Plus.
 
As a side note: I'd suggest uninstalling Adobe Reader and using FoxIt or Sumatra Reader. Adobe has become very vulnerable over the last couple of years and really uses up resources more than FoxIt or Sumatra Reader. The "footprints" for Foxit and Sumatra Reader are considerably smaller than Adobe's and consequently uses less resources (RAM as well as hard drive space). It's been said that there are a few things those readers cannot do compared to Adobe, but I haven't come across any users complaining.
 
If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. Choose custom install.
 
If you'd like, you can download Foxit Reader from here.
Or if you choose, you could install Sumatra from here, though make sure to uninstall Adobe Reader.
 
You might want to discuss this with the owners of the computer.

Next:

As for Adobe Flash Player, you can get the updated version from here, though as mentioned above with the Adobe Reader update, be very careful to uncheck the option to install McAfee Security Scan Plus.

Next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Now a days, your typical home computer user doesn't need Java installed, which at one time was desperately needed for websites to be displayed. That is no longer the case. I had uninstalled Java a few years ago and have since found no need for it, so the choice is yours if you would like to reinstall or not. If the need ever arises, you will be notified that Java is needed at which time you could install, or you could reinstall and just disable Java till the moment arises if it is needed.

You can read more about the need for Java and how to disable it here.

If you would like to reinstall, please do so from here.

Once your are done updating, go ahead and run Disk Cleanup if you haven't already. It will also flush out all restore points except for the last one created.

How is the system running now? I would like to remove all the tools used, though I will wait for your opinion before doing so.

[The_Omni]

I am working it.  FYI there is not installed JAVA, first thing I uninstalled when I got to the control panel.

[The_Omni]

The machine is acting badly right now, it is not loading pages correctly 50% of the time, just goes out and doesn't come back, DEP (Data Execution Prevention) On Note pad, Malwarebytes and earlier Powershell

[The_Omni]

Ok all cleaned up, system restore files deleted, loaded Foxit  ran another Security Check, here is the log

 

 Results of screen317's Security Check version 0.99.89  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 9  

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 CCleaner     

 Google Chrome 34.0.1847.116  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 AVAST Software Avast AvastSvc.exe  

 AVAST Software Avast AvastUI.exe  

 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 

 AVAST Software Avast ng ngtool.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

[The_Omni]

PS I loaded Chrome, got tired of dealing with ie.  Updated it to current

Edited by The_Omni, 12 November 2014 - 10:52 PM.

[The_Omni]

I would like to run another Malwarebytes Scan, but I won't until you give me permission.

[The_Omni]

I went ahead and Defragged.

 

PS Here is the info on Puran, I like its features for a free app

 

http://www.majorgeek...ee_edition.html

[DonnaB]

Good morning, John!

Those DEP issues are possibly related to recently installed programs. Not sure, but I wonder it that has anything to do with Windows being outdated to to the nature of the Windows programs that are being detected. The following link might shed some light on that:

Data Execution Prevention: frequently asked questions

Go ahead and run Malwarebytes if you like. Use the following instructions to ensure specific settings are configured:

Malwarebytes 2.0, please run a Threat Scan

• Click on the Dashboard tab and to the right of Database Version, click the Update Now >> link.
• After the updates complete, click on the Settings tab at the top then click on Detection and Protection.
• Under Detection Options, make sure all 3 options are checked.
• Just below that, under Non-Malware Protection, click on the drop down arrow under PUP (Potentially Unwanted Program) detections: and choose Treat detections as malware.
• Click on the Scan tab at the top, then click on the Scan Now >> button. (There is also a Scan Now >> button on the Dashboard you can click as well.
• If you are offered to update again, go ahead and click the Update Now >> button. Once complete, the Threat Scan will begin.
• When the scan is complete, if there have been any detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

Post log:

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Next:

Might be a good idea to do a System File Check as well:

SFC Scan

• Click on the Start button and in the search box, type cmd.exe
• When you see cmd in the list, right-click on it and select Run as administrator
• When command prompt opens, please type or copy/paste the following command into it, then press Enter
  
  sfc /scannow
  
  Wait for this to finish before you continue.
  
  Once the scan completes, type or copy/paste the following into notepad
  
  @echo off
  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > sfcdetails.txt
  del %0
• Click on File > Save As... and type sfc.bat then click Save
• Double click on the batch file.
• This will create the file, sfcdetail.txt on your Desktop and the .bat file icon will self delete. Please attach this to your next post.
• Next:
  
  Then run a Disk Check:
  • Click on Start > Run and type in cmd
  • Press Enter
  • In the Command Prompt window type chkdsk c:/r (or copy and paste) and press Enter.
    Please Note the space between k c:/r
  • The next dialog box will now show the following:
    
    Chkdsk cannot run because the volume is in use by another
    process. Would you like to schedule this volume to be
    checked the next time the system restarts? <Y/N>
  • Type Y and reboot the computer.
  • Checkdisk will start once the computer reboots. It can take up to an hour or more to complete as it goes through the stages. Allow it to run uninterrupted till complete.
  To find the log that is produced please do the following:
  
  Please download ListChkdskResult by SleepyDude to the desktop.
  • Double click on the icon and click [b]Run
  • The log will appear on your desktop as a .txt file and the notepad will open.
  Please copy and paste the results in your next reply.
• 
  

[The_Omni]

MalwareBytes Scan Log

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11/13/2014

Scan Time: 7:42:33 PM

Logfile: MWB 11-13.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.14.01

Rootkit Database: v2014.11.12.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Enabled

 

OS: Windows Vista Service Pack 2

CPU: x86

File System: NTFS

User: Chilson

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 349169

Time Elapsed: 24 min, 20 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[The_Omni]

Hope you had a good day.  It locked up on me earlier so I had to hard start and did a chkdsk fix after restart

 

Clean on MWB scan doing System File Check now