agrvt

Thanks for clearing that up for me. I truly appreciate the help and am very glad to now have everything working as it should be.

I'm not so sure that I'm truly "out of the woods", so to speak. I ran Roguekiller again and here's the log, still with reports of hiding icons PLUS it killed 2 instances of problematic software ---including ZeroAccess---yet a scan by Malwarebytes detects nothing. Is that really normal? RKreport_SCN_07042014_180138.log

I'm very pleased to report that uninstalling via the MWB uninstall tool and doing a reinstall has solved the problem. I am puzzled, though, as to why the Roguekiller log mentions registry keys for hiding desktop icons and why the Roguekiller log does not appear on the desktop.

I ran Roguekiller but had my NAV running, is that OK? I'm afraid to disable it for fear of making things worse. If I need to temporarily disable it and disconnect from the internet, please let me know. The log does not appear on the desktop and despite copying it, it will not paste here. I can email the log, as I was able to copy it to an email that I sent to myself. The log isn't on the desktop because the malware has modified the registry to hide desktop icons, according to Roguekiller.

Initially, I was going to try that but there is a 3-4 business day backlog and I'm rather distressed about the computer being messed up. Waiting 3-4 business days for help is too long to wait. Truly, I'm bummed. I had thought that getting the Pro version would have kept me from having a problem. I thought I used the internet safely but obviously I either did something wrong or someone found a chink in the MWB armor. Kevin, your help would be appreciated.

I had my MWB Premium set to scan every day and update daily, yet this evening I noticed that I could not run a scan. I looked in the settings and found that realtime protection was disabled, but pressing the Fix Now button did nothing....so I rebooted. Problem worsened to the point that even the user console doesn't load. I tried all 13 Chameleon buttons to no avail---kept getting variants of this "A reboot is recommended to remove temporary directory C:\ProgramFiles<86>\MalwarebytesAnti-Malware\Chameleon\Windows\qynhs" with the last part changing to \irewtit OR \dlgyj OR \scugshjdd AND SO ON Obviously, it isn't just a random glitch. I also tried running MWB Premium and Chameleon in Safe Mode--also futile. A pop-up screen appears stating "The execution unknown software exception (0x40000015) occurred in the application at 0x73b4d6fd. Click on OK to terminate the program" The other program's message was the same except for 0x740ab6fd being the location of the exception (I don't recall if the 1st was the Chameleon message or the MWB Premium message.) So basically some crook has messed up my computer----and many other people's as well judging by the 3-4 day backlog of help requests to MWB support. I downloaded and ran Farbar but the mbam check would not run. FRST.txt Addition.txt

Sincere thanks for all the work you've done with me. It's great to have the computers back to being usable.

Results of screen317's Security Check version 0.99.77 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton AntiVirus WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 6 Update 31 Java SE Runtime Environment 6 Java 6 Update 3 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Norton AntiVirus Engine 18.7.1.3 ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log``````````````````````

Good morning MrCharlie! The computer is working much faster now.

Thanks for following this and the other computer throughout the day!

IE froze a couple of times when atempting to post, which is hopefully just a fluke. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.15.11 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Mr Do :: FINALLY [administrator] 11/15/2013 9:46:57 PM mbam-log-2013-11-15 (21-46-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 270287 Time elapsed: 10 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

# AdwCleaner v3.012 - Report created 15/11/2013 at 21:25:57 # Updated 11/11/2013 by Xplode # Operating System : Windows Vista Home Premium Service Pack 2 (32 bits) # Username : Mr Do - FINALLY # Running from : C:\Users\Mr Do\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files\Uniblue\DriverScanner Folder Deleted : C:\Users\Mr Do\AppData\Roaming\Uniblue\DriverScanner File Deleted : C:\Users\Public\Desktop\driverscanner.lnk ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} Key Deleted : HKCU\Software\Uniblue Key Deleted : HKLM\Software\Uniblue ***** [ Browsers ] ***** -\\ Internet Explorer v9.0.8112.16520 ************************* AdwCleaner[R0].txt - [1147 octets] - [15/11/2013 21:13:29] AdwCleaner[s0].txt - [939 octets] - [15/11/2013 21:25:57] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [998 octets] ##########

ComboFix log attached ComboFix.txt

The document's contents are as follows... Results of screen317's Security Check version 0.99.77 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 6 Update 33 Java 6 Update 5 Java version out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader 8 Adobe Reader out of Date! Google Chrome 30.0.1599.101 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Exploit mbae.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1 % ````````````````````End of Log``````````````````````