Win Def Offline - no access to results, no log created


  1. Posts : 10,485
    W7 Pro SP1 64bit
       #41

    Uninstall every Java version that you can find in Programs and Features. You will probably never miss it. If you do find something that needs it, create a new thread and let's discuss the need vs. the risk.

    UberGoober said:
    ~~~
    I wonder if the SSV architecture is 32-bit because the OS of the VM the malware installed in my C: partition is XP. It's controlled from a remote server, so they might need the Java stuff. I certainly don't want any Browser Helper Objects.
    ~~~
    I'm still not seeing any evidence of a VM. The Documents and Settings folder is a part of Windows 7. It is not evidence of a 32-bit XP VM (in case that is what you were thinking).


  2. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #42

    Jacee said:
    PC booted to "X:/v::", Windows XP Pro on a hidden, virtual HDD
    This makes me think Mac OS X on a Windows PC. VMware on OSx86......

    See why: Vmware - OSx86

    I can be of no help here!
    I think it is something structured like the OS X or Sub Virt. But UsernameIssues has some stuff for me to work on, so I'll go get started.

    Thanks a million anyway, Jacee. I really appreciate your effort to help. All the best, UG


  3. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #43

    Wow, UsernameIssues! (May I call you UNI?) You have spent a lot of time already looking into this for me. I thank you very much!

    "Can you take a picture of what you see via the custom scan drive selection dialog box?" (Post #32)

    Here it is, operating from my User Account "A", a member of the Administrators Group:

    [attached screenshot: wdodrives.png]
    Last edited by UberGoober; 10 Nov 2015 at 09:31. Reason: clarity


  4. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #44

    My replies in purple
    UsernameIssues said:
    UberGoober said:
    ~~~
    However, I may be blocked from actually affecting settings by the virus...

    What you show in that screenshot is normal.
    Why is "A" locked? I haven't seen that in other W7 installations.

    Note the "Date Modified" on my user account "A" - 1/09/1980! The last clean custom reinstall of W7 I did was in early October, I think.

    The malware had set a password for entering Setup, so I couldn't change the date & time in CMOS. If there is no hidden VM, where did the ability to do that come from? I was able to use Date & Time in the OS after installation.

    Where is Guest user? And I've never seen a user called Default, Default User, or Public before. I didn't set them up - it was Deus ex Machina, I think!

    Lemme show you the real list of All Users (4 snips)

    [attached screenshots: allusersgroups1.png, allusersgroups2.png, allusersgroups3.png, allusersgroups4.png]

    Are they all normally set up by Windows?



    UberGoober said:
    ~~~
    "System Reserved D:" is weird cuz it never has a drive letter that I've seen before. But the choices for a Custom Scan in WOD listed it exactly that way. Also listed were "Local Disk C:", my DVD drive as "E:", and the VM where the virus installed XP as "X:".

    I've used Parted Magic, Partition Wizard, Bart's PE, Macrium Reflect, Seagate's Acronis Free, HP's hard drive manager, Paragon, DBAN, Darik's Boot and Nuke. None ever gave System Reserved a drive letter, but once the VM was listed as "V:"; another time as "h:". Sorry I didn't write down which app showed what, but both wipers failed to touch the VM located within partition "C:".
    It is normal for some of those tools to assign a drive letter to the system reserve partition. Judging from the folders in the X drive shown in WDO, that drive seems to be where the WDO scanner is operating from.
    OK, UNI, let me put in the WDO disk and see what I get for drives now. Back later...and thanks again, so much! UG


  5. Posts : 10,485
    W7 Pro SP1 64bit
       #45

    You are welcome.

    Sure, UNI is fine/simpler.

    re: post #43:
    I was looking for a picture (probably taken with a camera) of the Custom Scan dialog box from Windows Defender Offline; not Windows Defender while Windows is running from your user account "A". Such a picture should show the X drive that you mention in your original post.


  6. Posts : 10,485
    W7 Pro SP1 64bit
       #46

    re: post #44:
    I have read that the lock icon on a folder indicates that the folder has access restrictions. A non-admin user should not be able to navigate into your "A" folder. To a non-admin user, the All Users folder will be restricted to read-only access.

    Were you ever able to get into BIOS on this computer? Did you update the BIOS firmware at some point? This info might help you get rid of that password. I would try option 2.

    The Guest user account and the Guests user group are built into Windows 7.

    The folder named Default is also normal. It contains some of the default files and folders that are used by Windows when creating a new user account folder. By default, these folders are not shown to a user (so you might not have seen them before). You are not using the default settings within Windows (file) Explorer; so, you are seeing folders and files that are designed to be hidden. (e.g. the Documents and Settings folder that we discussed earlier.)

    If you were using the default settings for Windows (file) Explorer, you would still see the user folder named Public. This folder is normal. It is where files and folders are placed so that they are shared between users... even users on other computers - if sharing is set up that way.


    When you install Windows 7, you are asked to pick a username for one account. In the screenshots below, that username is username. Here are the normal/default user accounts (as far as I know):

    USERS:

    [attached screenshot: users.png]


    GROUPS:

    [attached screenshot: groups.png]

    You can get to the Computer Management console by right clicking on Computer and selecting Manage from the context menu. There might be a Computer shortcut/icon on your desktop. There is a Computer object in the navigation pane of Windows (file) Explorer and on the right pane of the Start Menu.
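    A way to answer the "Are they all normally set up by Windows?" question without eyeballing screenshots is to list the local accounts, groups and profile folders and compare them against what a fresh Windows 7 install creates. This is an added example, not something posted in the thread; the baseline lists in it are my own assumption of Windows 7 defaults (software such as VMware or SQL Server, or joining a HomeGroup, legitimately adds more), and `$setupUser` is a placeholder for the name chosen during setup.

```powershell
# Added example: compare this PC's local users, groups and profile folders
# against an assumed baseline of what a clean Windows 7 install creates.
# Uses WMI so it runs on the PowerShell 2.0 that ships with Windows 7.

$setupUser = 'username'   # placeholder: the account named during setup (e.g. 'A')

# ASSUMED baseline: built-in accounts plus the setup account.
$baselineUsers = @('Administrator', 'Guest', $setupUser)

# ASSUMED baseline: built-in local groups on Windows 7.
$baselineGroups = @('Administrators', 'Backup Operators', 'Cryptographic Operators',
    'Distributed COM Users', 'Event Log Readers', 'Guests', 'IIS_IUSRS',
    'Network Configuration Operators', 'Performance Log Users',
    'Performance Monitor Users', 'Power Users', 'Remote Desktop Users',
    'Replicator', 'Users')

# Folders Windows itself places under C:\Users. Default is hidden, Public is
# shared, and "All Users" / "Default User" are hidden junctions kept for
# compatibility, which is why they only show up with hidden items enabled.
$baselineProfileDirs = @('Default', 'Default User', 'All Users', 'Public', $setupUser)

# LocalAccount=True excludes domain accounts/groups.
$users  = Get-WmiObject Win32_UserAccount -Filter 'LocalAccount=True'
$groups = Get-WmiObject Win32_Group       -Filter 'LocalAccount=True'

"== Local users =="
foreach ($u in $users) {
    $tag = if ($baselineUsers -contains $u.Name) { 'expected' } else { 'NOT IN BASELINE' }
    "{0,-22} disabled={1,-5} {2}" -f $u.Name, $u.Disabled, $tag
}

"`n== Local groups not in baseline =="
$groups | Where-Object { $baselineGroups -notcontains $_.Name } |
    ForEach-Object { $_.Name }

"`n== Profile folders under $env:SystemDrive\Users (hidden ones included) =="
Get-ChildItem "$env:SystemDrive\Users" -Force | Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $tag = if ($baselineProfileDirs -contains $_.Name) { 'expected' } else { 'CHECK' }
        "{0,-22} {1}" -f $_.Name, $tag
    }

# Profiles Windows has registered; Special=True marks system profiles
# (LocalService, NetworkService, systemprofile), which are normal.
"`n== Registered profiles (Win32_UserProfile) =="
Get-WmiObject Win32_UserProfile |
    ForEach-Object { "{0,-45} special={1}" -f $_.LocalPath, $_.Special }
```

    Anything tagged NOT IN BASELINE or CHECK is not automatically malicious; look up what created it (an installed program, a HomeGroup, or a deleted account whose folder was left behind) before drawing conclusions.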


  7. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #47

    Purple again...
    UsernameIssues said:
    You are welcome.

    Sure, UNI is fine/simpler.

    re: post #43:
    I was looking for a picture (probably taken with a camera) of the Custom Scan dialog box from Windows Defender Offline; not Windows Defender while Windows is running from your user account "A". OOPS! Such a picture should show the X drive that you mention in your original post. Yes, it does. Unfortunately, I can't send the camera pix I took. Windows isn't trying to install drivers for the USB camera card adapter I inserted!


  8. Posts : 10,485
    W7 Pro SP1 64bit
       #48

    UberGoober said:
    Purple again...
    UsernameIssues said:
    You are welcome.

    Sure, UNI is fine/simpler.

    re: post #43:
    I was looking for a picture (probably taken with a camera) of the Custom Scan dialog box from Windows Defender Offline; not Windows Defender while Windows is running from your user account "A". OOPS! Such a picture should show the X drive that you mention in your original post. Yes, it does. Unfortunately, I can't send the camera pix I took. Windows isn't trying to install drivers for the USB camera card adapter I inserted!
    Okay - at least you can see that the X drive is not some evil VM. It is normal.


  9. Posts : 44
    Windows 7 Pro 64 bit
    Thread Starter
       #49

    Green this time.

    UsernameIssues said:
    Your reply to Layback Bear asking, "Are you able to run sfc /scannow?" was: "I did - it said no problems."

    Then you went on to totally confuse me with:
    UberGoober said:
    ~~~
    But remember, it is scanning the Windows 7 drive "C:" that the VM XP OS installs whether I insert a Windows 2000 Pro, XP Home, Windows 7 Universal install disc, or the Windows 7 disc shipped with the PC!
    ~~~
    Could you please restate that info another way? OK. I had wiped the HDD with the newest version of DBAN and was able to see the VM still within the C: partition using one of my bootable partition tool CDs (can't remember for sure, but probably PartedMagic). All actions the program could have taken were grayed out and did nothing when clicked, so I could not delete, shrink, expand, move to another partition, relabel or anything else.

    "X:/v::" was the designation (label?). Are the 2 colons after v significant? I removed the CD and rebooted. The machine booted to XP Pro, which I don't even have a copy of! My user account wasn't there, and I couldn't get rights to create one.


    I rebooted into the hidden admin account. Then I could view the contents of some folders. Trying to change anything popped up a dialogue box saying I had to have the permission of Trusted Installer, or immediately "disappeared" the folder.

    A "low-level format" was recommended by several techs/geeks, so I inserted my Windows 2000 Pro disc to use tools on there and rebooted. The CD drive whirred, but what came up was the Windows 7 Pro install screen! Switched to each of the other OS discs I have, but the malware installed its modified copy of the CD.


    I know, UNI - seems impossible...but I've been working with this for several months now, and I was able to see a folder that held copies of every disc I'd run, with copious PowerShell scripts added. I wish I had been more systematic and gotten screen shots back then. Little did I know that every secret thing I was able to access would disappear, never to be found again!

    The links to Parts 1 - 4 in my post #28 explain what I'm seeing better than I can. It's asking an awful lot for your time to read them, but you might be able to add your skills to the efforts to find a solution to this world-wide invasion!

    After some research I concluded that "X:/v::" was some type of virtual machine installed by malware. "SYSTEM" resides there, but the malware makes it appear as though it's in my W7 installation. When I get the camera going, I'll show you what I think is bogus.

    Were you running the SFC scan from WinRE (like this)? Yes, I was following that exact tutorial, Method Two.

    Dang it! I just clicked the "Submit Reply" button after making sure I was still logged in and got redirected to a sign-in page.

    This has happened before, so I had copied my post to Notepad. I'm not able to do anything with the post unless I sign in on that page while I'm already signed in on the reply page. Then I'm brought back to the reply page, but all my input is gone.

    Let's try that again...

    Curses!
    [attachment 375700]
    Last edited by UberGoober; 12 Nov 2015 at 07:18. Reason: Fix format


  10. Posts : 10,485
    W7 Pro SP1 64bit
       #50

    Thank you for taking the time to write that out again. I somehow missed your post #28 on page 3 where you give similar details. I have never used DBAN. My cure for persistent infections is buying a new hard drive.

    It is odd that you have to log into this forum multiple times to make a post.

    re: post #28:
    The "DO" in the URL is normal.


    I'm not sure what the "X:\V::" could be or where the XP OS is coming from. Let's see if Jacee or other forum members know of tools that might wipe the drive better.

