Solved HELP - Windows Defender cannot remove Trojan: JS/Redirector.JA

Mike Lynch

I run Windows-7 with Microsoft Security Essentials(MSE), both are current on Updates.

MSE indicated that I had not run a Scan in some time and the Icon turned Orange.

I ran Quick Scan and the Icon remained Orange after the Quick Scan completed.

I then ran a Full Scan and the Icon turned Green when the Scan Completed.

I was suspicious and ran a Full Malwarebytes Scan which found nothing.

I was about to call it a day but decided to run Windows Defender Offline overnight.

Defender found Trojan: JS/Redirector.JA. Severe

I selected the Remove Option and Defender started to do something.

After about seven or eight minutes Defender reported:

Remove - Error Encountered 0x800700de

The File Type being saved or retrieved has been blocked.

Windows Defender could not apply the action you selected.

I am at a loss as to how to proceed. MSE and Windows Defender take +/- five hours to complete on my system. I would like to remove this Trojan but have no idea where to begin. Can the forum make any suggestions?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Two HP Desktops. One in the Laundry Room / Bed Room.
OS
Microsoft Windows 7 Professional 64-bit 7601 Multiprocessor Free Service Pack 1
CPU
Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Motherboard
Hewlett-Packard 3396
Memory
8.00 GB
Graphics Card(s)
Intel(R) HD Graphics 4000
Sound Card
(1) Realtek High Definition Audio (2) Intel(R) Display Aud
Monitor(s) Displays
Hanns-G
Screen Resolution
1440 x 900 x 32 bits (4294967296 colors) @ 59 Hz
Hard Drives
(1) ATA WDC WD40EZRX-00S SCSI Disk Device (2) HP Officejet Pro 86 USB Device (3) WD My Book 1230 USB Device
PSU
Whatever came with the CMT.
Case
HP CMT Black.
Cooling
Whatever came with the CMT.
Keyboard
Logitech K740.
Mouse
Microsoft Optical Mouse 1000.
Internet Speed
Spectrum 25Mbs.
Antivirus
WebRoot, Microsoft Security Essentials.
Browser
EDGE
Other Info
HP Officejet Pro 8600 Plus.
WD MyBook 4TB.
First, is there any chance you can do a system restore? If so, roll the system back 2 or preferably 3 points past the point of infection. (Some viruses embed themselves in the 1st restore point.)

You can also try running Malwarebytes in Safe Mode.

Did you make the WDO disk on the infected computer? If so, WDO's integrity may have been compromised. Try making the disk on a clean PC & then run it on your system. And make sure your net connection is shut off when you run it.

Second, if that doesn't work, you could try one of the following tools:

Norton Power Eraser

Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidentally remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
SuperAntiSpyware.

If these fail, it might be a good idea to delete Java from your system & then run another scan to see if this can ferret out the infection.

Trojan:JS/Redirector.JA’s evil purpose is to compromise your security programs and steal your confidential data then send it to the internet hackers. Remove Trojan:JS/Redirector.JA as soon as possible once detected to ensure the safety of your system. Once installed, Trojan:JS/Redirector.JA will be configured to start automatically when you start Windows.
Trojan:JS/Redirector.JA is a trojan, written in highly obfuscated JavaScript, that redirects users to websites that promote a male enhancement product.
 

Download Combofix from any of the links below, and save it to your desktop. <-- Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply.
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
ComboFix: A guide and tutorial on using ComboFix

IF CF won't run:
During the download (before saving or running it), rename Combofix.exe to sVchost.exe
 

ComboFix.txt

ComboFix 12-12-07.01 - Mike 12/08/2012 0:12.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3061.1306 [GMT -5:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1354896677.bdinstall.bin
c:\programdata\1354909018.bdinstall.bin
c:\users\Camille\WINDOWS
c:\users\Charmaine\WINDOWS
c:\users\Chloe\WINDOWS
c:\users\Heather\WINDOWS
c:\users\Jennifer\WINDOWS
c:\users\Michelle\WINDOWS
c:\users\Mike\WINDOWS
c:\users\Simone\WINDOWS
c:\users\Terry\WINDOWS
c:\users\Tim\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 00:37 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADFFC7BA-22C5-42CB-9871-55FEC4F62F99}\mpengine.dll
2012-12-07 16:17 . 2012-12-07 16:17 -------- d-----w- c:\programdata\BitDefender
2012-12-07 16:16 . 2012-12-07 16:16 -------- d-----w- c:\programdata\BDLogging
2012-12-07 16:12 . 2012-12-07 16:12 -------- d-----w- c:\users\Mike\AppData\Roaming\QuickScan
2012-12-07 16:11 . 2012-12-07 19:43 -------- d-----w- c:\program files\Auslogics Software
2012-12-07 16:10 . 2012-12-07 19:41 -------- d-----w- c:\program files\Common Files\Auslogics Software
2012-12-07 16:09 . 2012-12-07 16:09 -------- d-----w- c:\program files (x86)\Common Files\Bitdefender
2012-12-07 02:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 23:29 . 2012-11-28 23:29 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC1AE5D1-B926-4597-85BE-EC7CD64EC9CA}\gapaengine.dll
2012-11-28 14:18 . 2012-11-28 14:18 -------- d-----w- c:\programdata\Citrix
2012-11-28 14:18 . 2012-11-28 14:18 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2012-11-22 06:14 . 2012-11-22 13:09 -------- d-----w- c:\users\Michelle\AppData\Local\Microsoft Games
2012-11-21 13:31 . 2012-12-02 05:59 -------- d-----w- c:\users\Bianca
2012-11-13 19:32 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-13 19:32 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-13 19:32 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-13 19:32 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-13 19:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-13 19:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-13 19:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-13 19:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-13 19:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-13 19:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-13 19:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-13 19:17 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-13 19:17 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-13 19:17 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-13 19:17 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-11 14:57 . 2012-11-11 14:57 -------- d-----w- c:\program files\Easy Duplicate Finder 4
2012-11-11 14:57 . 2012-11-11 14:57 -------- d-----w- c:\programdata\Ask
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 19:24 . 2011-02-11 23:03 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 17:48 . 2012-04-03 21:24 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-09 17:48 . 2011-05-17 22:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-27 22:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 22:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 22:33 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-29 02:32 . 2012-09-29 02:32 2177688 ----a-w- c:\windows\system32\coin92.dll
2012-09-27 21:31 . 2011-03-26 01:27 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-25 03:16 . 2012-11-01 14:33 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-21 00:11 . 2012-08-31 00:22 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-09-21 00:00 . 2012-08-31 00:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-09-20 12:30 . 2012-09-20 12:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-09-20 12:24 . 2011-12-24 01:48 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-09-20 12:12 . 2011-12-24 01:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-09-20 12:12 . 2012-09-20 12:12 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-19 13:11 . 2012-09-19 13:23 2605400 ----a-w- c:\windows\system32\WavesGUILib.dll
2012-09-19 13:11 . 2012-09-19 13:23 1361336 ----a-w- c:\windows\system32\tosade.dll
2012-09-19 13:11 . 2012-09-19 13:23 65944 ----a-w- c:\windows\system32\tepeqapo64.dll
2012-09-19 13:11 . 2012-09-19 13:23 836544 ----a-w- c:\windows\system32\tadefxapo264.dll
2012-09-19 13:11 . 2012-09-19 13:23 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2012-09-19 13:11 . 2012-09-19 13:23 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2012-09-19 13:11 . 2012-09-19 13:23 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2012-09-19 13:11 . 2012-09-19 13:23 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2012-09-19 13:11 . 2012-09-19 13:23 148416 ----a-w- c:\windows\system32\tadefxapo.dll
2012-09-19 13:11 . 2012-09-19 13:22 220776 ----a-w- c:\windows\system32\SFSS_APO.dll
2012-09-19 13:11 . 2012-09-19 13:22 81248 ----a-w- c:\windows\system32\SFCOM64.dll
2012-09-19 13:11 . 2012-09-19 13:22 78688 ----a-w- c:\windows\system32\SFAPO64.dll
2012-09-19 13:11 . 2012-09-19 13:22 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2012-09-19 13:11 . 2012-09-19 13:22 221024 ----a-w- c:\windows\system32\SFNHK64.dll
2012-09-19 13:11 . 2012-09-19 13:22 2674320 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-09-19 13:11 . 2012-09-19 13:22 1560168 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-09-19 13:11 . 2012-09-19 13:22 4065296 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-09-19 13:11 . 2012-09-19 13:22 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-09-19 13:11 . 2012-09-19 13:22 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-09-19 13:11 . 2012-09-19 13:22 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2012-09-19 13:11 . 2012-09-19 13:22 3615888 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-09-19 13:11 . 2012-09-19 13:22 869520 ----a-w- c:\windows\system32\RtkApi64.dll
2012-09-19 13:11 . 2012-09-19 13:22 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 5096448 ----a-w- c:\windows\system32\RCoRes64.dat
2012-09-19 13:11 . 2012-09-19 13:22 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2012-09-19 13:11 . 2012-09-19 13:22 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2012-09-19 13:11 . 2012-09-19 13:22 1262696 ----a-w- c:\windows\system32\RTCOM64.dll
2012-09-19 13:11 . 2012-09-19 13:22 105616 ----a-w- c:\windows\system32\RCoInstII64.dll
2012-09-19 13:11 . 2012-09-19 13:22 7163744 ----a-w- c:\windows\system32\R4EEP64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 74592 ----a-w- c:\windows\system32\R4EEG64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 433504 ----a-w- c:\windows\system32\R4EED64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 141152 ----a-w- c:\windows\system32\R4EEL64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 123744 ----a-w- c:\windows\system32\R4EEA64A.dll
2012-09-19 13:11 . 2012-09-19 13:22 396632 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2012-09-19 13:11 . 2012-09-19 13:22 1345368 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll
2012-09-19 13:11 . 2012-09-19 13:22 8363864 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2012-09-19 13:11 . 2012-09-19 13:22 2131288 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2012-09-19 13:11 . 2012-09-19 13:22 341336 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2012-09-19 13:11 . 2012-09-19 13:22 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2012-09-19 13:11 . 2012-09-19 13:22 1015640 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2012-09-19 13:11 . 2012-09-19 13:22 603984 ----a-w- c:\windows\system32\KAAPORT64.dll
2012-09-19 13:11 . 2012-09-19 13:22 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 2533952 ----a-w- c:\windows\system32\FMAPO64.dll
2012-09-19 13:11 . 2012-09-19 13:22 537456 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2012-09-19 13:11 . 2012-09-19 13:22 524656 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2012-09-19 13:11 . 2012-09-19 13:22 449392 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2012-09-19 13:11 . 2012-09-19 13:22 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2012-09-19 13:11 . 2012-09-19 13:22 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2012-09-19 13:11 . 2012-09-19 13:22 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2012-09-19 13:11 . 2012-09-19 13:22 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2012-09-19 13:11 . 2012-09-19 13:22 202336 ----a-w- c:\windows\system32\AERTAC64.dll
2012-09-19 13:11 . 2012-09-19 13:22 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2012-09-19 13:10 . 2011-02-15 13:35 1706640 ----a-w- c:\windows\RtlExUpd.dll
2012-09-19 13:06 . 2012-03-29 20:59 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-09-14 19:19 . 2012-10-09 17:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 17:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 DisplayLinkUsbPort;DisplayLink USB Device; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-04-25 93272]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-11-09 189608]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2007-05-11 70424]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-01-19 20:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-09-19 12503184]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
SafeBoot-14263120.sys
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D7E97865-918F-41E4-9CD0-25AB1C574CE8}"=hex:51,66,7a,6c,4c,1d,38,12,0b,7b,fa,
d3,bd,df,8a,04,e3,c6,66,eb,19,09,08,fc
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}"=hex:51,66,7a,6c,4c,1d,38,12,b4,b5,6d,
27,d8,71,bc,08,f5,77,ea,41,b0,9a,cd,c3
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}"=hex:51,66,7a,6c,4c,1d,38,12,5a,50,79,
6b,db,36,f5,08,fe,94,c8,01,ef,d2,7d,fb
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{CCB69577-088B-4004-9ED8-FF5BCC83A039}"=hex:51,66,7a,6c,4c,1d,38,12,19,96,a5,
c8,b9,46,6a,05,e1,ce,bc,1b,c9,dd,e4,2d
"{D3D233D5-9F6D-436C-B6C7-E63F77503B30}"=hex:51,66,7a,6c,4c,1d,38,12,bb,30,c1,
d7,5f,d1,02,06,c9,d1,a5,7f,72,0e,7f,24
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d0,68,83,83,d1,56,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,6c,67,a3,4f,76,aa,4e,88,74,44,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c9,6c,67,a3,4f,76,aa,4e,88,74,44,\
.
[HKEY_USERS\S-1-5-21-934717694-3192348872-3920661462-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-934717694-3192348872-3920661462-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-934717694-3192348872-3920661462-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\07\12\18\0e?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-08 00:25:40
ComboFix-quarantined-files.txt 2012-12-08 05:25
.
Pre-Run: 1,141,041,008,640 bytes free
Post-Run: 1,142,415,417,344 bytes free
.
- - End Of File - - DC4E422AC4A648D39895D9785F52C960
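Added example, not part of this thread and not ComboFix's own tooling: a small Python triage script that parses entries in the ComboFix log format shown above ("Files Created" rows and the Run / AppInit_DLLs loading points) and lists the ones a responder would verify first. The sample log is constructed: three rows copied from the log above plus an invented update.js file and an invented "Updater" Run entry, so the triage has something to flag; the rules are heuristics that produce leads to check, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in ComboFix's format. The Wdf01000.sys, QuickScan and
# SunJavaUpdateSched rows are copied from the log above; update.js and the
# "Updater" Run entry are invented to give the triage something to flag.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
2012-12-07 16:12 . 2012-12-07 16:12 -------- d-----w- c:\users\Mike\AppData\Roaming\QuickScan
2012-11-13 19:32 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-06 03:14 . 2012-12-06 03:14 18432 ----a-w- c:\users\Mike\AppData\Local\Temp\update.js
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Updater"="c:\users\Mike\AppData\Local\Temp\update.js" [2012-12-06 18432]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
"""

# "<created> . <modified> <size or dashes> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "Name"="path" [YYYY-MM-DD size]   (entries under a ...\CurrentVersion\Run key)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
KV_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.+)$')


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]
    is_dir: bool
    path: str


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str


def parse_combofix(text):
    """Pull file-creation rows, Run-key autostarts and AppInit values out of a log."""
    files, run, appinit = [], [], {}
    section, key = None, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":
            continue
        if line.startswith("(((("):            # section banner
            section, key = line.strip("() "), None
            continue
        if line.startswith("[") and line.endswith("]"):   # registry key header
            key = line[1:-1]
            continue
        m = FILE_RE.match(line)
        if m and section and section.startswith("Files Created"):
            size = int(m["size"]) if m["size"].isdigit() else None
            files.append(FileEntry(m["created"], m["modified"], size,
                                   m["attrs"].startswith("d"), m["path"].lower()))
            continue
        if key and key.lower().endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m:
                run.append(RunEntry(key, m["name"], m["path"].lower(), m["date"]))
            continue
        if key and key.lower().endswith("\\windows nt\\currentversion\\windows"):
            m = KV_RE.match(line)
            if m:
                appinit[m["name"]] = m["value"]
    return {"files": files, "run": run, "appinit": appinit}


EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".js", ".vbs", ".bat", ".cmd")
USER_AREAS = ("c:\\users\\", "c:\\windows\\temp\\")   # writable without admin rights


def triage(parsed):
    """Return human-readable leads: things to verify, not proof of infection."""
    findings = []
    for f in parsed["files"]:
        if not f.is_dir and f.path.startswith(USER_AREAS) and f.path.endswith(EXEC_EXT):
            fresh = " (created == modified: written fresh on this host)" if f.created == f.modified else ""
            findings.append(f"file: executable/script under a user-writable area: {f.path} at {f.created}{fresh}")
    for r in parsed["run"]:
        if r.path.startswith(USER_AREAS) or "\\temp\\" in r.path:
            findings.append(f"run: autostart '{r.name}' points into a user-writable area: {r.path}")
    ai = parsed["appinit"]
    if ai.get("LoadAppInit_DLLs", "").startswith("1") and ai.get("AppInit_DLLs", "").strip():
        findings.append(f"appinit: AppInit_DLLs is enabled and injects {ai['AppInit_DLLs']} into every GUI process; confirm the vendor")
    return findings


if __name__ == "__main__":
    for lead in triage(parse_combofix(SAMPLE_LOG)):
        print(lead)
```

On the real log above the AppInit lead resolves to the Citrix Receiver hook, which is expected on a machine with Citrix installed; the value of the check is that the same key is a classic persistence point for unwanted DLLs.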
 

Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next, download AdwCleaner (AdwCleaner Download) to your desktop.
1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2. Click on the Delete button.
3. Confirm each time with OK.
4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
AdwareCleaner.jpg


More instructions to follow after you've done the above.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
AdwCleaner

# AdwCleaner v2.011 - Logfile created 12/09/2012 at 14:08:11
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Mike - SEVENPRO64
# Boot Mode : Normal
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Registry is clean.
*************************
AdwCleaner[S1].txt - [3120 octets] - [09/12/2012 14:08:11]
########## EOF - C:\AdwCleaner[S1].txt - [3180 octets] ##########
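As an added example (not from the thread and not part of AdwCleaner itself), a small Python script that parses a log in the format posted above and flags the registry entries a reviewer would re-check after a cleanup: IE add-on pre-approval keys, address-bar search hooks and msconfig-tracked autostart entries, which are exactly where a browser redirector sits. The sample log is constructed from a few lines modelled on the one posted, and the review markers are my own choice, not an AdwCleaner feature.

```python
import re
from collections import Counter

# Constructed sample, modelled on the AdwCleaner v2 log format posted above
# (a handful of lines, not the full file).
SAMPLE_LOG = r"""# AdwCleaner v2.011 - Logfile created 12/09/2012 at 14:08:11
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Registry is clean.
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ENTRY_RE = re.compile(r"^(Folder|File|Key|Value) (Deleted|Found) : (.+)$")

# Registry locations that decide what Internet Explorer loads at start-up or
# where address-bar searches go. A browser redirector typically persists in
# one of these, so anything the tool touched here deserves a second look.
# (Marker list is this example's own, not something AdwCleaner defines.)
REVIEW_MARKERS = {
    r"\Ext\PreApproved": "IE add-on pre-approved to load without prompting",
    r"\Ext\Stats": "IE add-on usage record",
    r"\URLSearchHooks": "IE address-bar search hook",
    r"\startupreg": "autostart entry tracked by msconfig",
}


def parse_adwcleaner_log(text):
    """Return (section, kind, action, path) tuples for every action line."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)      # e.g. "Registry", "Files / Folders"
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append((section, m.group(1), m.group(2), m.group(3)))
    return entries


def summarize(entries):
    """Counts per kind/action, per registry hive, and the entries to review."""
    counts = Counter((kind, action) for _, kind, action, _ in entries)
    hives = Counter(path.split("\\", 1)[0]
                    for sec, _, _, path in entries if sec == "Registry")
    flagged = [(reason, path)
               for sec, _, _, path in entries if sec == "Registry"
               for marker, reason in REVIEW_MARKERS.items() if marker in path]
    return {"counts": counts, "hives": hives, "flagged": flagged}


if __name__ == "__main__":
    report = summarize(parse_adwcleaner_log(SAMPLE_LOG))
    for (kind, action), n in sorted(report["counts"].items()):
        print(f"{kind} {action}: {n}")
    for reason, path in report["flagged"]:
        print(f"REVIEW ({reason}): {path}")
```

Run it against the real C:\AdwCleaner[S1].txt by reading that file into `parse_adwcleaner_log` instead of the constructed sample.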
 

How is your computer running now?
 

It appears to be running normally, as it did before the infection.

I would like to rerun the Windows Defender Offline once more.

Can I rerun it again at this time, without disturbing what you have been able to correct?

Best regards,

Mike Lynch
 

Sure!
 

It ran to completion without any errors / trojans!

Thank you so much for your help.

Best regards,

Mike Lynch
 

You will need to uninstall Combofix now.

Click on the Start button and then select Run from the menu. This will open up the Run box.
Copy/Paste combofix /uninstall (Please note that there is a space between combofix and /uninstall), click on the OK button or Enter on your keyboard.
You can now delete the ComboFix.exe program from your computer.
 

Thank you again!

Best regards,

Mike Lynch
 

Mike, set a clean restore point so you don't accidentally get a bad one ... see tutorial here: http://www.sevenforums.com/tutorials/336-system-protection-restore-points-delete.html

Now, update Java! (look on the right hand side *JRE download*)

  • Download the latest version of Java Runtime Environment (JRE) 7u10.
    http://www.oracle.com/technetwork/java/javase/downloads/index.html
  • Scroll over to the right (JRE).
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    - Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Click the Remove or Change/Remove button.
    - Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586-p.exe to install the newest version.
 

Sorry to have to ask for more help.
I may not have de-installed the Software that we used to disinfect my System PROPERLY.
I say "may not have" because I do not remember; I'm 68 and losing it quickly, "memory / pun".
The symptom I see is: 1 GB of Memory is not available for Windows-7 to use.
I have used the Hardware Forum to ensure it's not a Hardware failure, to include replacing the Memory.
If you will, please tell me how to de-install what we installed one more time.
If you can, perhaps consider what would cause 1 GB of 4 GB to be "unavailable".
I will include several Screen Shots.
Thanks again for your help and understanding.
Best regards,
Mike Lynch
 

Attachments: After ReadyBoost Removal.png, Windows-7.png

Off the subject:
Looking at your resource monitor, I had a look at mine and I got 1 meg of Hardware Reserved memory and you have 1035 megs. That's 1/4 of your physical memory and probably bogging you down.
I would look into what's taking up that much memory.

ResourceMonitor_zps77ed553a.jpg
 

My Computer

Computer Manufacturer/Model Number
Custom Build
OS
Microsoft Windows 7 Ultimate 64-bit
CPU
Intel(R) Pentium(R) CPU G2030 @ 3.00GHz
Motherboard
ASUSTeK COMPUTER INC. P8H77-V LE
Memory
12.00 GB Kingston DIMM 3x4 gig sticks
Graphics Card(s)
AMD Radeon HD 5450
Sound Card
AMD High Definition Audio Device
Monitor(s) Displays
Dual displays
Screen Resolution
1280 x 1024 x 4294967296 colors
Hard Drives
ST3500320AS 465.76 GB
WDC WD10EZEX-00BN5A0 931.51 GB
WDC WD10 EARS-00MVWB0 USB Device 931.51 GB
PSU
XION SuperNova 600 watt
Keyboard
Razer Tarantula Gaming Keyboard
Mouse
Razer Imperator Gaming Mouse
Internet Speed
DSL 6 down & 1 up with Netgear R6300 Wireless router
Did you uninstall Combofix as instructed above?
Please scroll down in this link ComboFix: A guide and tutorial on using ComboFix
To uninstall ComboFix from Windows Vista or Windows 7 please perform the following steps:

Now, reboot/restart your computer.
 

It appears like I had removed Combo, perhaps it's one of the other two?
 

Attachments: Combofix.png


Attachments: Solved-1.png, Solved-2.png
