jmarkar

THanks again... such a trove of information ! One major question just popped into my fatigued brain: I have Carbonite backing me up constantly... it has actually saved me twice in the last two years when major storage devices failed. What chance is there that the viruses have been "backed up" to my Carbonite storage? Should I alert them? Is there any way for me to check or clean up those stored files? John

PS.. Still running great ... I worked for several hours today w/ no more problems. I am in California so time lag appears to be happening... are you in Europe? Thanks for the warning re: combofix. I must have been lucky.

Thanks.... I donated $10. Here is the combofix report. ComboFix.txt

can't locate the combofix report !! do you know what the name of it would be? I'm attaching the fixlog.txt. Ever since I ran the ComboFix, the computer seems to be running great.... I apologize for not following your instructions precisely, but when I saw combofix at the same download location (bleeping computer), I remember that it had saved me a couple of times in the past, the the Bleeping site seemed to be suggesting it. Hopefully it didn't screw anything up, and if it worked... all's well that ends well.. However i'm still nervous, so here is the fixlog.txt Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-12-2014Ran by Johnny Fresno at 2014-12-28 03:50:14 Run:1Running from C:\Users\Johnny Fresno\Desktop\New folderLoaded Profile: Johnny Fresno (Available profiles: Johnny Fresno)Boot Mode: Normal============================================== Content of fixlist:*****************closeprocesses:emptytemp:HKU\S-1-5-21-1985589163-2429251767-1297142524-1000\...A8F59079A8D5}\localserver32: <==== ATTENTION!HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-1985589163-2429251767-1297142524-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-1985589163-2429251767-1297142524-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKU\S-1-5-21-1985589163-2429251767-1297142524-1000 -> DefaultScope {6305658A-3AC6-42A0-B82F-DE4E047B903C} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKU\S-1-5-21-1985589163-2429251767-1297142524-1000 -> {6305658A-3AC6-42A0-B82F-DE4E047B903C} URL = https://www.google.com/search?q={searchTerms} ***************** Processes closed successfully."HKU\S-1-5-21-1985589163-2429251767-1297142524-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully."HKU\S-1-5-21-1985589163-2429251767-1297142524-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully."HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully."HKU\S-1-5-21-1985589163-2429251767-1297142524-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.HKU\S-1-5-21-1985589163-2429251767-1297142524-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.HKU\S-1-5-21-1985589163-2429251767-1297142524-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully."HKU\S-1-5-21-1985589163-2429251767-1297142524-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6305658A-3AC6-42A0-B82F-DE4E047B903C}" => Key deleted successfully.HKCR\CLSID\{6305658A-3AC6-42A0-B82F-DE4E047B903C} => Key not found. EmptyTemp: => Removed 960.7 MB temporary data. The system needed a reboot. ==== End of Fixlog 03:51:58 ====

Found the FRST tool. Also found ComboFix on the same page and downloaded it as well. Ran ComboFix. Computer is running OK at the moment. I then ran FRST and am attaching reports. Addition.txt FRST.txt

TwinHeadedEagle, on 27 Dec 2014 - 03:26 AM, said: Thank you.... and I will be very happy to donate. First: where do I get the FRST tool? Second. I have downloaded and run Rkill several times so I have reports available. Third: Even though I shut down Malwarebytes, Anti-rootkit keeps insisting it won't run unless I shut down Malwarebytes... so not sure if I should remove all copies, then try to run Anti-Rootkit. Let me know where to find the FRST tool and I will open my problem in the indicated forum. Thank you..... Problem signature.doc