Sorry for the delay

Lets try running it in safe mode:


Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
• Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
• Once the short scan has finished, Click Options > Change settings
• Choose the "Scan tab" and UNcheck "Heuristic analysis"
• Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
• Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
• When done, a message will be displayed at the bottom advising if any viruses were found.
• Click "Yes to all" if it asks if you want to cure/move the file.
• When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
  (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
• Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
• Save the DrWeb.csv report to your desktop.
• Exit Dr.Web Cureit when done.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Ok, I restarted my computer in safe mode using F8 as instructed and Double licked on Dr Web-Cureit. this is what occured as before, a green window with the logo opened and had two choices Start and Update I clicked on start and another box came up stating "Scan checks RAM and Startup files for active Viruses, when done you can choose Express Scan of your hard drive, still complete scan is recommended." I clicked on start and once again the blue screen appears.
Here is the Technical information:
stop: 0x0000007E (0XC0000005, 0XF747EC2C,0XF792EC4C, 0XF792E948)
iaStor.sys- Address F747EC2C base at F744B000
DateStamp 40e1b22a
beginning dump of Physical Memory
{Physical Memory dump complete.

I still have Curit installed.

Can you log in to windows ok?

Yes, the computer seems to working just fine. It just won't allow me to run the Cureit without crashing even in safe mode.

I would like to see 1 more scan with MBAM:

Launch Malwarebytes' Anti-Malware

• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Here is the log.

Malwarebytes' Anti-Malware 1.38
Database version: 2340
Windows 5.1.2600 Service Pack 3

07/14/09 16:51:56
mbam-log-2009-07-14 (16-51-56).txt

Scan type: Quick Scan
Objects scanned: 108459
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

How is your computer running?

The computer is running just fine. When ever it is restarted and I log on to my side it seems to take a long time to log on and be ready to use. Probably because there is a lot of things running in the back ground. Is that correct?
I have been thinking about deleting Norton and using AVG free version, I have several friends that use it and they really like it. Two of them claim Norton really slows down a computer and they switched to AVG that their computers started working faster. What is your opinion on this and AVG? I would really appreciate hearing back about this. Of course I just renewed Norton for a year.

Chuck

Hi Chuck.

Yes, your computer can run slow due to many programs running at startup and in the background.

I generally recommend using a free antivirus if you have not already paid for a subscription, but if you are ok with having paid for the subscription but not using I can give you a list of some free antivirus including AVG.

My personal free antivirus is AntiVir. AVG is ok too. The older versions of Norton have been known as resource hogs. But recently, Norton has reduced its finger print, and Norton Internet Security 2009 is much better.

Yes I'd like a list. Do you feel AntiVIr is better than AVG? I understand that Avast roots out more viruses, but has problems with false postives and has to be reloaded yearly.
Any ideas are appreciated.
Thank you for all your help, I made a donation a while back, not much, but all I can afford at this time. You have been a great help.

Chuck

Hi Chuck.

You are very welcome. Thank you very much for the donation, it was much appreciated. Glad I am able to help you.


Yes, I recommend and personally use AntiVir myself.

Here are a few very good free Antivirus products which are available (make sure you only choose one):

• AntiVir Personal
• AVG Free
• AVAST!
• PC Tools AntiVirus

Also,

Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Your log looks clean, Great Job

Now for some cleanup..
Please download OTC and save it to Desktop.

• Please make sure you are connecting to the Internet
• Double-click OTC.exe
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes

Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Then go to Start > Run and type: Cleanmgr
• Click "OK".
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

• Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
     
     1. Change the Download signed ActiveX controls to Prompt
     2. Change the Download unsigned ActiveX controls to Disable
     3. Change the Initialize and script ActiveX controls not marked as safe to Disable
     4. Change the Installation of desktop items to Prompt
     5. Change the Launching programs and files in an IFRAME to Prompt
     6. Change the Navigate sub-frames across different domains to Prompt
     7. When all these settings have been made, click on the OK button.
     8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

• Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  
  No Firewall Onboard
  
  You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice:
  
  • Online Armor
  • Sunbelt Personal Firewall
  • OutPost Firewall
  
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  
• Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

• McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  Using Winpatrol to protect your computer from malicious software

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.