
Registry Mechanic repeat Temp Files / Shortcuts and Deep Scan files


4 replies to this topic

#1 PAKevin

PAKevin

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 31 October 2009 - 05:48 PM

I'm seeing the same four files repeat in the Temp Files / Shortcuts section of a Registry Mechanic scan.

\C:\ProgramData\McAfee\VirusScan\Data\TFRBBC1.tmp
\C:\ProgramData\Microsoft\Search\Data\Application\Windows\MCC.chk
\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp
\C:\Users\Kevin\AppData\Local\Microsoft\Windows Mail\edb.chk

I'm also seeing the following two files in the Deep Scan section.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\7971f918-a847-4430-9279-4a52d1efe18d
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\9482fb4-e343-43b6-b170-9a65bc822c77

Recent history: Less than a week ago, during a routine McAfee antivirus scan I discovered a half dozen files associated with the Artemis trojan. Several months earlier I found and debugged (also with McAfee) a different trojan. And the laptop has been slow for several weeks/months.

In anticipation of getting help here I tried running RootRepeal. That ran for more than 24 hours. So I stopped it. Then I tried running SysProt AntiRootkit. But McAfee wouldn't accept it and returned the following message.

McAfee has automatically blocked and removed a Trojan.
About this Trojan
Detected: Artemis!9CE216C69E21 (Trojan), Artemis!9CE216C69E21 (Trojan)

In general the laptop runs slow. And I suspect it's infected. Any help will be greatly appreciated. Thanks. What should I do first?

Regards,


Kevin



#2 PAKevin


Posted 06 November 2009 - 01:06 PM

Anybody have time to help with this one?

#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:04:22 AM

Posted 07 November 2009 - 10:31 PM

Welcome to BC

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
===========================

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


Go to Start > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#4 PAKevin


Posted 14 November 2009 - 04:27 AM

Thanks garmanma. And sorry for not responding sooner. I got busy with work and school. And I waited too long. Last night the laptop went south...the deep south. It won't even boot.

I had been using it as usual...with slow response...but all functionality worked. So last night after checking email I closed the lid. A couple of hours later I opened it, saw a lot of blue lights but nothing on the screen. So I pressed the esc key and...nothing. So I pressed and held the on/off button...waited a moment and turned it back on. Now it's in a loop where the blue lights come on for a minute or two. Then all lights go off for a second. Then the blue lights come back on for a minute or two. And nothing on the screen. Is it toast? Is there anything I can do to recover from this?

Thanks.

#5 garmanma


Posted 14 November 2009 - 06:56 PM

You can try various rescue disks and maybe at least get it to boot to where you can continue
I believe people have had the most success with:
Vipre rescue disk
http://live.sunbeltsoftware.com/
Remember that you have to go into the BIOS and change the CD drive to the first boot device



Have you tried using System Restore from a command prompt in Safe Mode to return to a previous state before your problems began?

If that doesn't work, these are links to Anti-virus vendors that offer free LiveCD or Rescue CD utilities that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability. If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Note: In order to use a rescue disk, the boot order must be set to start from the CD-ROM drive. If the CD is not first in the boot order, the computer will attempt to start normally by booting from the hard drive. The boot order is a setting found in the computer's BIOS which runs when it is first powered on. This setting controls the order that the BIOS uses to look for a boot device from which to load the operating system. The default will normally be A:, C:, CD-ROM. Different computers have different ways to enter the BIOS. If you're not sure how to do this, refer to:
Mark



