OK - going out for a while but will check in later.
Unknown infection and can't run FRST [Solved]
#16
Posted 30 November 2014 - 11:26 AM
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.Register to Remove
#17
Posted 30 November 2014 - 06:39 PM
Alright Satchfan, I'm ready to tackle this again for a bit. What I can tell you is that somethings are much faster than they were and bootup is much slower. Lightroom still is malfunctioning in the Develop Module. All other programs are working as they should and a few of them are MUCH faster. I had to re-install Photoshop Elements 10 because I needed to use it. I had uninstalled it before we started working together.
Two specific bootup problems. CCleaner is asking to load and I am denying it. Is there a way to shut that off? Or, even better, is there a better clean up program that I can use instead? I took a quick look at your "doucmentation" about IObit, etc. and I would certainly trust your judgement. I have been using the IObit Advanced System Care since at least version 4 and I think removing it is why the system went back to a very old wallpaper (can only imagine how much change that meant under the hood of the system!).
The second bootup issue is that I get a very quick message that "DSD_3420 (not responding)" and then the small box delivering the message goes away. I have no idea what that i connected to. Do you?
#18
Posted 30 November 2014 - 07:22 PM
Adobe tested the following video cards before the release of Photoshop CC and CC 2014. This document lists the video card by series. The minimum amount of VRAM supported on video cards for Photoshop CC and CC 2014 is 512 MB.
Adobe tested laptop and desktop versions of the following cards. Be sure to download the latest driver for your specific model (Laptop and desktop versions have slightly different names.)....Intel HD Graphics P3000"
The above is taken from this website:
http://helpx.adobe.c...aq1.html#Tested video cards for Photoshop CC and CC 2014
Now my graphics card is just listed as just INtel HD graphics 3000. I did find, on the Intel, a 32 and 64 bit update for my card.
#19
Posted 30 November 2014 - 09:06 PM
No, I don't think the Lightroom problem is hardware related because, just to test it myself, I just re-installed Lightroom 4 -- which worked perfectly until I installed LIghtroom 5! Again, after install, same problem in the Develop module
#20
Posted 01 December 2014 - 02:15 AM
Lightroom still is malfunctioning in the Develop Module
That is not something I can help with as I know nothing about it or any of the graphics problems you’re having. When we finish up here I’ll give you a link to another of our forums where they should be able to help.
CCleaner is asking to load and I am denying it. Is there a way to shut that off?
You could disable it from starting or just uninstall it.
DSD_3420 (not responding)
That is a message relating to Dell System Detect which scans your computer for your service tag; this is to enable automatic detection of updates related to drivers, downloads & other recommended software.
It is unnecessary and your drivers don’t need to be updated unless you are having problems, in which case they can be updated manually. You can uninstall Dell System Detect via the Control panel in the usual way.
I think we’ll run some final scans and if all is well, we can tidy up and I’ll give you my security recommendations etc.
Run Security Check
Download Security Check by screen317 from here or here.
- save it to your Desktop.
- double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- a Notepad document should open automatically called checkup.txt; please post the contents of that document.
================================================
Run Malwarebytes’ Anti-Malware
I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:
- start Malwarebytes-Anti-Malware and update it, (“Update” tab}
- once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
- when the scan is complete, if no malicious items are found you can close the program
- if malicious items are found be sure that everything is checked and click Quarantine
- when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
- the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
===================================================
Run ESET Online Scan
IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
- click the Eset online Scanner button
- for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
o click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
o double click on the Eset installer icon on your desktop.
- check Yes, I accept the Terms of Use
- click the Start button
- accept any security warnings from your browser
- check Enable detection of potentially unwanted applications
- click Advanced settings and select the following:
Note: Do not check Remove found threats
o scan archives
o scan for potentially unsafe applications
o enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- when the scan completes, push List of found threats
- push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - if ESET doesn't find any threats, no report will be created.
- push the back button.
- push Finish
When the scan is complete:
If no threats were found:
o put a checkmark in "Uninstall application on close"
o close program
o report to me that nothing was found
If threats were found:
o click on "list of threats found"
o click on "export to text file" and save it as ESET results and save to the desktop
o Click on back
o put a checkmark in "Uninstall application on close"
o click on finish
o close program
o copy and paste the report here.
Logs to include with the next post:
checkup.txt
Mbam.txt
Eset results (if there are any)
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#21
Posted 01 December 2014 - 08:40 AM
1) Lightroom problem solved quickly and easily after a post on the Adobe Lightroom fourm (just had to remove a preference file!)
2) Uninstalled CCleaner. The AVast Siren went off as soon as I hit Uninstall, too.
3) Removed the DSD_3420 program
Now please don't get upset with me but, in an absence of your response and your apparent trust in Bleeping Computer, I download and ran Combo Fix which apparently cleaned up a lot. It is only fair that I let you know that before I run your next suggestions which I will now work my way through.
Well, the ESET scan is only 34% complete and is going to take quite a bit more time. It has just scanned a Win32/HackTool that I will love to get rid of! Whie waiting, here are the other reports:
Security Check
#22
Posted 01 December 2014 - 01:23 PM
ESET Report
#23
Posted 01 December 2014 - 02:53 PM
in an absence of your response and your apparent trust in Bleeping Computer
We ask you at the beginning not to run any programs unless requested: this is for a reason.
Yes, I trust BleepingComputer and they correctly have a warning on the download page about what you have done:
"Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper".
I download and ran Combo Fix which apparently cleaned up a lot.
How do you know that it "cleaned up a lot"? Those "infections" could have been legitimate files that you may need at some point and no longer have.
I'd like you to send me the log you got from ComboFix:
ComboFix logs are located at c:\combofix.txt
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#24
Posted 01 December 2014 - 03:30 PM
My apologies :-( Yes, I just read through it and it does indeed look as though I might have screwed up big time, but I AM glad that it shows you the Internet Explorer Ghostviet stuff because IE opens up two tabs of it and I have not been able to change that no matter what I have tried. Anyway, here is the Comb Fix report:
#25
Posted 01 December 2014 - 04:16 PM
it shows you the Internet Explorer Ghostviet
That was seen in the first scan I asked you to run so ComboFix "fixed/found" nothing that we didn't know about.
IE opens up two tabs of it and I have not been able to change that no matter what I have tried
You didn't mention this before - is it still a problem?
We need to get rid of what was found in the Eset scan.
Please copy all text in the code box below and paste it into Notepad:
@echo off del /f /s /q "C:\MGtools\Process.exe Win32/PrcView" del /f /s /q "C:\PDFXVwer\PDFXVwer.exe" del /f /s /q "C:\Program Files\IObit\Advanced SystemCare 6" del /f /s /q "C:\ProgramData\IObit\ASCDownloader" del /f /s /q "C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe" del /f /s /q "C:\Users\Grandma\Downloads\ccsetup500.exe" del /f /s /q "C:\Users\Grandma\Downloads\spsetup126.exe" del /f /s /q "D:\Software - XP\PDFXVwer\PDFXVwer.exe" del /f /s /q "D:\Software - Current\PDFXVwer.zip" del /f /s /q "D:\Software - Current\PDFXVwer\PDFXVwer.exe" del /f /s /q "F:\June 21-2013\speccysetup122.exe" del /f /s /q "F:\Software - Current\PDFXVwer.zip" del /f /s /q "F:\Software - Current\PDFXVwer\PDFXVwer.exe" del %0
- save the Notepad file to your desktop and name it delfiles.bat
- save type as "All Files"
- on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).
Please answer the question about IE.
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.Register to Remove
#26
Posted 01 December 2014 - 04:38 PM
Am going to do this and then I have to go out for a few hours. Back later in 3 hours.
#27
Posted 01 December 2014 - 05:16 PM
Time difference - I'm off to sleep now and have a busy day tomorrow but your computer is fine so we'll complete this tomorrow.
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#28
Posted 01 December 2014 - 10:12 PM
Quote
it shows you the Internet Explorer Ghostviet
That was seen in the first scan I asked you to run so ComboFix "fixed/found" nothing that we didn't know about.
Quote
IE opens up two tabs of it and I have not been able to change that no matter what I have tried
You didn't mention this before - is it still a problem?
Yes, it is still a problem.
#29
Posted 02 December 2014 - 02:46 AM
Please run RogueKiller again and send the new log.
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#30
Posted 02 December 2014 - 06:01 AM
RogueKiller report
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users