rgb192
asked on
defender windows 7 error message
computer different language ran combofix
can not run windows defender
can not run windows defender
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
install MS Security Essentials
how?
and does this do both spyware and virus
how?
and does this do both spyware and virus
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
http://windows.microsoft.com/en-us/windows/security-essentials-download
does this do everything with windows 7?
does this do everything with windows 7?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
anti-rootkit is the only tab with information
2nd time running scan
should i delete these files
this is the report
2nd time running scan
should i delete these files
this is the report
RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Administrator]
Mode : Scan -- Date : 10/23/2014 17:45:27
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 34 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SweetIM : C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir= -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir= -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\Yahoo! Search -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Found
[Suspicious.Path] \\Yahoo! Search Udpater -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe -> Found
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] f0mfwzvp.default : mysearchdial.com [ffxtlbr@mysearchdial.com] -> Found
[PUP][FIREFX:Addon] f0mfwzvp.default : MySearchDial [{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] -> Found
[PUM.HomePage][FIREFX:Config] f0mfwzvp.default : user_pref("browser.startup.homepage", "http://rts.dsrlte.com?affID=na"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 419715f6912ab3416d80402d76f7d4c6
[BSP] 2c1614e2c06e79278a040ed2b5ff4bd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 35653632 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35858432 | Size: 697894 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_10232014_173605.log
rgb192--
How is this related to your original question? Has that been solved?
How is this related to your original question? Has that been solved?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for rgb192's comment #a40396225
Assisted answer: 167 points for jcimarron's comment #a40394851
Assisted answer: 167 points for nobus's comment #a40396281
Assisted answer: 166 points for nobus's comment #a40399904
for the following reason:
tnanks for tools
Accepted answer: 0 points for rgb192's comment #a40396225
Assisted answer: 167 points for jcimarron's comment #a40394851
Assisted answer: 167 points for nobus's comment #a40396281
Assisted answer: 166 points for nobus's comment #a40399904
for the following reason:
tnanks for tools
tx for feedback
ASKER
so I should use security esentials instead of windows defender and combofix / rogue killer for a badly infected machine.
Thanks.
Thanks.
on a fresh system, i install an AV (free for personal use) - paid for business
that's all
i only install the others when needed
that's all
i only install the others when needed
rgb192--
"so I should use security esentials instead of windows defender and combofix / rogue killer for a badly infected machine."
I suggest you also install the free edition of MalwareBytes and run a scan every week or so.
Glad to have helped.
"so I should use security esentials instead of windows defender and combofix / rogue killer for a badly infected machine."
I suggest you also install the free edition of MalwareBytes and run a scan every week or so.
Glad to have helped.
ASKER
There is no fix, just words
Could you please send a fix to make windows defender work?