Vista Antivirus 2012

Hi, No threat found.

All that was in log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Ta

Hi,

How's your computer running now?

...... so far so good. crossing me fingers! Many thanks

Hi,

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE.
  

You now have a clean restore point.

To get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do a calculation of temporary/old files, and then display a dialogue box.
  
• Select the More Options Tab.
  
• At the bottom will be a System Restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done.
  

========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download [URL="http://www.itxassociates.com/OT-Tools/OTC.exe"]OTC.exe[/URL] by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  

============

Update Programs

Please download the newest version of Adobe Acrobat Reader from [URL="http://www.adobe.com/products/acrobat/readstep2.html"]Adobe.com[/URL]

Please download the newest version of Java from [URL="http://www.java.com/en/download/manual.jsp"]Java.com[/URL].

===============

Staying Protected

If you don't have a anti-virus I recommend to download one of these free anti-virus programs:
1. [URL="http://www.avast.com/"]Avast![/URL]
2. [URL="http://www.avira.com/en/support-download-free-antivirus"]Avira[/URL]
3. [URL="http://www.microsoft.com/security_essentials/default.aspx"]Microsoft Security Essentials[/URL]

If you have Windows XP, then I recommend downloading one of these free firewalls if you do not already have one:
1. [URL="http://www.comodo.com/home/internet-security/firewall.php"]Comodo Firewall[/URL]
2. [URL="http://www.tallemu.com/products-online-armor-free.php"]Tallemu Online Armor[/URL]

I recommend using [URL="http://www.malwarebytes.org/mbam.php"]MalwareBytes Anti-Malware[/URL] for a anti-malware program.

If you don't have a anti-spyware I recommend to download this free program to help keep you spyware free:
1. [URL="http://www.javacoolsoftware.com/spywareblaster.html"]SpywareBlaster[/URL]

Please don't download more than one anti-virus, firewall, or anti-spyware because they will conflict with each other making your computer slow, data loss, and false results so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives.[URL="http://www.engadget.com/2004/06/29/how-to-tuesday-disable-autorun-on-windows/"]XP[/URL] or [URL="http://www.howtogeek.com/howto/windows-vista/disable-autoplay-in-windows-vista/"]Vista/7[/URL]

4. Always make sure you have the latest [URL="http://windowsupdate.microsoft.com"]Windows update[/URL].

5. Use a Site Advisor so you don't go to sites that will infect you. [URL="http://www.mywot.com/en/download"]Web-of-Trust[/URL] or [URL="http://www.siteadvisor.com/download/windows.html"]Mcafee Siteadvisor[/URL]

6. Also there are many holes and flaws in Internet Explorer I recommend using [URL="http://www.getfirefox.com/"]Firefox[/URL] or [URL="http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95346"]Google Chrome[/URL] to keep you more safe.

7. Always keep your [URL="http://www.java.com/en/download/installed.jsp"]Java[/URL] and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.

Hi there, all completed and removed as above. Huge thanks for your time and help Sneakyone. Have a good week in the fast lane! Roon

You're welcome, I'm glad to help. If you have anymore problems, then please let me know.

Hi there ..... problems again and this time unable to to make any internet connection and run any reports to show you. Basically a couple of nights ago I noticed that MaAfee scan taking a long time and laptop therefore v slow. Last night MacAfee was trying to update and unable to run or scan, with warning message. Tried to update Malware Bytes in safe mode and would not - Error - unable to update. Then unable to connect to internet at all. Did System Restore to updated 'clean' restore point. but still unable to connect and unable to update Malware Bytes and McAfee this showing warning.

I don't know if there is any chance of help, I can only access the internet from a public computer at the moment!!

Thanks ... Roon

Hi,

Could you please download ComboFix to a USB, then run it on the infected computer?

Hi there .... managed to run Combo Fix via a usb, report below. But after it ran received error warning "Illegal operation attempted on a registry key that has been marked for deletion" for any file, program, internet etc that I attempted to open or run. Thanks in hope!!!! R

ComboFix 11-08-07.03 - roon 09/08/2011 18:52:16.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.809 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))
.
.
2011-08-09 18:00 . 2011-08-09 18:00 -------- d-----w- c:\users\roon\AppData\Local\temp
2011-08-09 18:00 . 2011-08-09 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-08-09 18:00 . 2011-08-09 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-07 21:32 . 2011-06-20 07:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{522A7A5F-6E56-44EE-BA7B-B592D8599B93}\mpengine.dll
2011-08-07 21:30 . 2011-08-07 21:30 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
2011-07-12 19:38 . 2011-07-12 19:38 -------- d-----w- c:\program files\Common Files\Adobe(0)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 19:46 . 2011-06-22 19:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-05-29 08:11 . 2011-03-04 18:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2011-03-04 18:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-28 06:08 . 2011-06-15 16:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-15 16:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-15 16:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-15 16:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-15 16:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-15 16:02 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-15 16:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-15 16:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 18:14 . 2009-10-03 15:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-04-14 13:01 . 2010-09-07 19:28 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"Nokia Tray Application"="c:\program files\Common Files\Nokia\NCLTools\NclTray.exe" [2002-04-29 401408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-7-11 1794048]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-22 53816]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-13 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-22 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-22 158904]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-30 641024]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{1CB90ED6-9F01-4B35-9367-09DE3F16DB74}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\roon\AppData\Roaming\Mozilla\Firefox\Profiles\mh3jwz4q.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-09 19:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3200)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2011-08-09 19:05:03
ComboFix-quarantined-files.txt 2011-08-09 18:04
.
Pre-Run: 17,627,287,552 bytes free
Post-Run: 17,562,333,184 bytes free
.
- - End Of File - - DFDB39BBED185746F66369AC6B1FBD36

Hi,

Please download aswMBR from here

• Save aswMBR.exe to your Desktop
  
• Double click aswMBR.exe to run it
  
• Click the Scan button to start the scan as illustrated below
  

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

• Once the scan finishes click Save log to save the log to your Desktop
  
  
  
• Copy and paste the contents of aswMBR.txt back here for review
  

Hi there ....

Reals problems doing anything on my laptop. Wouldn't let me run aswMBR by double clicking (ran as adminitrator):

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 16:11:02
-----------------------------
16:11:02.758 OS Version: Windows 6.0.6002 Service Pack 2
16:11:02.758 Number of processors: 2 586 0xF0D
16:11:02.758 ComputerName: ROON-PC UserName: roon
16:11:03.694 Initialize success
16:11:36.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:11:36.179 Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3
16:11:36.195 Disk 0 MBR read successfully
16:11:36.195 Disk 0 MBR scan
16:11:36.210 Disk 0 Windows VISTA default MBR code
16:11:36.210 Disk 0 scanning sectors +234438656
16:11:36.273 Disk 0 scanning C:\Windows\system32\drivers
16:11:43.901 Service scanning
16:11:45.508 Modules scanning
16:11:54.337 Disk 0 trace - called modules:
16:11:54.369 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:11:54.369 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860e5138]
16:11:54.369 3 CLASSPNP.SYS[82bb18b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x855f8028]
16:11:54.384 Scan finished successfully
16:14:39.177 Disk 0 MBR has been saved successfully to "D:\MBR.dat"
16:14:39.193 The log file has been saved successfully to "D:\aswMBR.txt"


Thankks R

I'm living life in the library ... at least it wasn't burnt down !!!!

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Hi there .... followed instructions tried to run Malware Bytes from usb, received error missage: ' An error has ocurred. Please report this error code to support team. PROGRAM_ERROR_UPDATING (11004,0, No address found). The requested name is valid, but no data of the requested type was found'.

So l followed guides/link to download manual instructions to update, saved mbam-rules.exe to usb.

When I tried to run this - error message: 'The set up files are corrupted. Please obtain a new copy of the program'.

Thanks ... Roon

Hi,

Could you please re-run ComboFix?

Hi there ... re-ran ComboFix:

ComboFix 11-08-18.03 - roon 19/08/2011 15:27:25.4.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1571 [GMT 1:00]
Running from: D:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-07 21:32 . 2011-06-20 07:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{522A7A5F-6E56-44EE-BA7B-B592D8599B93}\mpengine.dll
2011-08-07 21:30 . 2011-08-07 21:30 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2011-03-04 18:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-03-04 18:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-22 19:46 . 2011-06-22 19:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-05-28 06:08 . 2011-06-15 16:02 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-15 16:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-15 16:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-15 16:02 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-15 16:02 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-15 16:02 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-15 16:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-15 16:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 18:14 . 2009-10-03 15:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-04-14 13:01 . 2010-09-07 19:28 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"Nokia Tray Application"="c:\program files\Common Files\Nokia\NCLTools\NclTray.exe" [2002-04-29 401408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1195408]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2010-04-16 144608]
"Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2009-7-11 1794048]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-22 53816]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [2011-06-13 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-22 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-22 158904]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 56064]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 84488]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 64584]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 165032]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 141792]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 314088]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-07-30 641024]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 290304]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{1CB90ED6-9F01-4B35-9367-09DE3F16DB74}: NameServer = 192.168.0.1
FF - ProfilePath - c:\users\roon\AppData\Roaming\Mozilla\Firefox\Profiles\mh3jwz4q.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-19 15:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1736)
c:\windows\system32\igfxsrvc.dll
c:\progra~1\Nokia\NOKIAP~2\Lang\ConnectionManager_eng.nlr
.
Completion time: 2011-08-19 15:36:13
ComboFix-quarantined-files.txt 2011-08-19 14:36
ComboFix2.txt 2011-08-09 18:05
.
Pre-Run: 19,773,104,128 bytes free
Post-Run: 19,683,491,840 bytes free
.
- - End Of File - - A090D676778D5CD1F5304282CA45B8D5

Tried mbam-setup.exe and mbam-rules.exe and received error message "illegal operation attempted on a registry key that has been marked for deletion".

Thanks ... Roon

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

• Slow computer
  
• Error messages
  
• Fake antivirus alerts or the icon in the system tray
  
• svchost.exe running at 100%
  
• System crashes or blue screen of death

Hi, Basically (as per message 8 Augu) I noticed that MaAfee scan taking a long time and laptop V slow. MacAfee was trying to update and unable to run or scan, with warning message. Tried to update Malware Bytes in safe mode and would not - Error - unable to update. Unable to access internet. Ran ComboFix as instructed via usb. But after it ran received error warning "Illegal operation attempted on a registry key that has been marked for deletion" for any file, program, internet etc that I attempted to open or run.

Advised to run Malware Bytes, followed instructions tried to run from usb, received error missage: ' An error has ocurred. Please report this error code to support team. PROGRAM_ERROR_UPDATING (11004,0, No address found). The requested name is valid, but no data of the requested type was found'. So l followed guides/link to download manual instructions to update, saved mbam-rules.exe to usb. When I tried to run this - error message: 'The set up files are corrupted. Please obtain a new copy of the program'.

At the moment I receive the error message"Illegal operation attempted on a registry key that has been marked for deletion" for every file, program, internet etc that I attempted to open or run. MacAfee still defunct and windows defence down. Unable to do anything.

Thanks ... Roon

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
• Reboot your system using the boot CD you just created.
  
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
    
  • Press Run Scan to start the scan.
    
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    
  • Copy this file to your USB drive if you do not have internet connection on this system
    
  • Please post the contents of the OTL.txt file in your reply.