Search:

Windows 7 - S&D 1.5 - S&D antivirus updates keep failing. Also s.th. starts a deluge of processes of SDOnAccess.exe and blindman.exe - last try over 570.
Help

Hi Juliet,
Yes, I think I'm ready to remove quarantine and help files.
Thank you.

Hi Juliet
Sorry for delay. Was gone for a day.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014
Ran by Karin at 2014-02-19 19:52:38 Run:2
Running...

ESET Scan Log:

C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmApp.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application
C:\Program...

Hi Tashi....
Missed Juliet's last post....

Z.exe is on my desktop.

Thank you.

Just spend several days with Juliet cleaning both my desktop and laptop.:laugh: Thank you.
Now I'm having trouble with Excel. When opening a .xls file, the microsoft security window asked for...

Windows Firewall remained on green and I was able to re-enable Windows Defender.

Things seem to run a bit faster.

Thank you so much for your help. Both machines up and running! :)

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.17.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Karin :: KARIN-HP...

JRT worked.....just took a long time:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home...

JRT scanning for 2+ hours....stuck at "Registry"?!?!?

I will go on to Malwarebytes.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by Karin at 2014-02-16 18:28:15 Run:1
Running from C:\Users\Karin\Desktop
Boot Mode: Normal...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-02-2014
Ran by Karin at 2014-02-16 16:06:56
Running from C:\Users\Karin\Desktop
Boot Mode: Normal...

FRST.txt - Part 2 of 2:

==================== One Month Created Files and Folders ========

2014-02-16 16:04 - 2014-02-16 16:06 - 00050185 _____ () C:\Users\Karin\Desktop\Addition.txt
2014-02-16...

Hi Juliet - will paste in several replies:

FRST.TXT - Part 1:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by Karin (administrator) on KARIN-HP on 16-02-2014...

This is my laptop. We cleaned the desktop. :(

Here is the AdwCleaner log (after clean/fix):

# AdwCleaner v3.018 - Report created 15/02/2014 at 21:55:52
# Updated 28/01/2014 by Xplode
#...

Hi,
Having trouble on my HP laptop w/Win 7 - I am unable to enable Windows Defender and s.th. appears to turn off Windows Firewall. I'm running SpyBot Home Edition, also cleaned with AdwCleaner...

Thanks so much, Juliet.
Will study your preventive tips.
Have a great day!

Hi,
got QB working again.
No other errors at this time.

Hi Juliet,

Just encountered one problem: my QB is now not opening stating a Run Time Error on its its qb32.exe file. It says the application requested Runtime to terminate it in an unusual...

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-02-2014 01
Ran by KIP at 2014-02-12 18:01:24 Run:3
Running from C:\Users\KIP.OnscreenOffice\Desktop
Boot...

Here's the ESET Scan result:

C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Program Files...

should I still run the ESET scanner? without being able to run TFC.exe?

Unable to run TFC - error message "this file is not compatible with your version of Windows"

Hi Juliet,

Here is the MBAM log - it shows clean:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.12.01

Windows 7 Service Pack 1 x64 NTFS

AdwCleaner log:

# AdwCleaner v3.018 - Report created 11/02/2014 at 15:17:02
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : KIP...

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by KIP at 2014-02-11 15:14:39 Run:2
Running from C:\Users\KIP.OnscreenOffice\Desktop
Boot...

Qoobox Log - Part 2 of 2:

2013-09-13 16:08:10 . 2013-09-13 16:08:10 20,698 ----a-w- C:\Qoobox\Quarantine\C\Users\KIP.OnscreenOffice\AppData\Local\Microsoft\Windows\Temporary Internet...

Qoobox log - Part 1:

2014-02-11 22:43:55 . 2014-02-11 22:43:56 236 ----a-w- ...

Combofix log - Part 4 of 4

.
[HKEY_USERS\S-1-5-21-426381243-3783371907-2229632007-1004_Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_67"
....

Combofix log - Part 3:

.
[HKEY_USERS\S-1-5-21-426381243-3783371907-2229632007-1004_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_20"
....

Combofix log - Part 2:

.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN...

Combofix log - Part 1

ComboFix 14-02-11.01 - KIP 02/11/2014 14:35:40.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7657.4543 [GMT -8:00]
Running from:...

Addition log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by KIP (administrator) on ONSCREENOFFICE on 11-02-2014 10:04:45
Running from...

Hi Juliet,
Thank you for our response.
I will be posting the logs in 2 separate replies - as together they appear to have too many characters (received error message).

Scan result of Farbar...

Hi,
Last week Zone Alarm detected 'backdoor.win32.androm.bmne' - treatment showed as 'treated' - ZA log showed it was located in a Thunderbird email attachment. New ZA logs show nothing. However, I...