Author Topic: Avast free scan shows virus- can't Repair or Move to chest  (Read 24154 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #30 on: April 06, 2012, 11:43:34 AM »
Migwiz and ace are Windows folders. Once you have what you need, I would recommend that you delete the folders.

bookend

  • Guest
Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #31 on: April 07, 2012, 12:52:23 AM »
Quote from: essexboy
    Migwiz and ace are Windows folders. Once you have what you need, I would recommend that you delete the folders.

Do you mean delete the migwiz and ace folders, or do you mean it's OK to delete the 15 empty or "not accessible" C:\documents and settings folders I was asking about in my last message? Thanks. I'll soon be done thanks to your great help.

Offline essexboy

Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #32 on: April 07, 2012, 03:37:49 PM »
Aye delete the lot - then this problem should not rear its head again  ;D

bookend

  • Guest
Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #33 on: April 10, 2012, 05:08:50 AM »
Quote from: essexboy
    Aye delete the lot - then this problem should not rear its head again  ;D

Hi Essex, Can't be deleted. When I tried to delete any folders in C:\documents and settings, it says "cannot delete. The files cannot be accessed by the system" - same message when I try to delete empty folders such as "All Users" and several other folders. I thought that might happen. I think the virus in C:\documents messed things up. But I have decided to leave it as it is in case I delete things that create more problems.

I don't access the C:\documents and folders anyway. The D:\documents and folders is all I really need. When I get around to it, I will format the drive and C:\ will be the boot drive which I was eventually going to do. It's OK the way it is for now.

Thank you for your help and for sticking with me. I figured when I first posted here, it's too difficult for me to run programs you were telling people to run. I had never heard of Malwarebytes or OTL. I was just looking for a virus remover. Something much easier. But with a little push from SafeSurf and Pondus at the start, I decided to give it a try. But without your patience and clear step by step detailed instructions I could never have done it. Sorry for the questions, but it was the only way I can learn. I learned a lot. You're good! Thanks again. Hope I don't have to come back for a while :)

Offline essexboy

Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #34 on: April 10, 2012, 09:13:57 PM »
Questions are good, as they also make me think  ;D

Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Run OTL and hit the cleanup button.  It will remove all the programmes we have used plus itself. 

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site  and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place?

Keep safe  :wave:

bookend

  • Guest
Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #35 on: April 12, 2012, 09:21:56 PM »
Hi Essex,

I thought you had removed your tools a few days ago. What tools are they?

Here is what I did according to your last message:
-Ran OTL and followed your instructions.
-Updated Sun Java
-I usually "show all hidden files" so left that for now.
-I will use Malwarebytes from now on - It's free for virus scanning but you pay a fee for Protection - is that right?

I will check the other suggestions you made in your post.

One thing I want to mention is:

When I run Malwarebytes Quick Scan, it shows the same 3 items which I "delete all" but next time I reboot and run scan again, they are usually there again, though sometimes skips a time,  in "Quarantine" tab even after I put checkmark in "delete all" 3 lines the time before. I am attaching a log file of mabm.txt which I copied before deleting the lines. I didn't attach Protection log as its OK.

The 3 lines are identical and say:
PUM.Disabled - Registry Data HKLM\Software\Microsoft\Security Center (Bad (1).
Those 3 lines have been there when I first posted here but won't stay deleted.
What is PUM? I just did a "Find" in the Registry for PUM and it brought up about 3 or 4 dozen entries for things such as "free mp3downloads", "freecasino", free games, etc - I've never been to any of those sites and I am not interested in them. How can I get rid of them?


« Last Edit: April 12, 2012, 09:25:34 PM by bookend »

Offline essexboy

Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #36 on: April 12, 2012, 10:22:39 PM »
The MBAM report is of no real import as they are entirely dependent on how you run your system. I ignore them on my system

PUM is Possible Unwanted Modification

Of no real import to my mind

That is correct the free MBAM is an on demand scanner, and to be honest that is all you really need it for

OTL is actually the only tool we used - I forgot to remove the "s" from my stock reply system

What area were those sites in?
As they may be old Spybot entries or IE block entries

bookend

  • Guest
Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #37 on: April 13, 2012, 07:59:13 PM »
PUM is definitely not wanted. See my comments below.

I will keep the free version of MBAM and run it regularly. Right now, I have Protection in trial mode, but I will stick with free. Is there a good free Protection program that is not a trial? I've used Spyware Blaster for quite a while, but I am not sure how effective it is.

Yes, "tools" sounds more mysterious than one "tool" OTL :)

About PUM's. I looked closer at the Registry. I said there is probably 3 or 4 dozen. More like 2 or 2 hundred entries. I checked some -they are all names from spam /porno /casino sites. They are under HKEY USERS and seem to be all from the same source. They are under Windows\Current Version\Internet settings\ZoneUP. The actual start of the long list is under "ZoneUP" and sub from it is "Domains", then under "Domains" is list names like "gamecard.net", 008i.com, adware.cc, ibieroi.it, google.it, gay.net, family.ru, thespy.cn. - under each name is "www" and on the right side of Registry where Data Value is, they all have the same number 0000004(4) -forget exact number.

I think I saw a few of these names one time a while back when checking something but didn't pay much attention. I saw a couple of spam/casino sites but was not having a problem so went no further. When I look now there are a lot more entries than I thought, like gaysites and who knows what. I could probably delete the entire list from ZoneUP, as they are all from the same source. All Data Values are identical on each entry. I wonder if that would cause any problem? The entries are disabled, but intermittently are picked up again by MBAM as being PUM - malicious in Quarantine tab.

I don't think they are old Spybot entries, though not positive. I used to use Spybot sometimes, but never had a problem with it. Spybot didn't seem to run all those entries at one time and how would they end up in the registry if it was Spybot? I doubt they are blocked IE entries. IE doesn't usually block entries unless you use a spam or malware program to tell them, do they? It would involve hundreds of blocked entries which I would think I would have noticed somewhere along the way. I really don't know how they got in the registry.



« Last Edit: April 13, 2012, 08:11:21 PM by bookend »

Offline essexboy

Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #38 on: April 13, 2012, 08:44:48 PM »
Those are part of IE8's blacklist so I would say keep them there.  Also that is why I no longer suggest the MSVP Host file any more as it will be a duplication 
They are basically the restricted sites as set in IE  http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/02/how-can-i-add-a-site-to-internet-explorer-s-restricted-sites-zone.aspx

bookend

  • Guest
Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #39 on: April 14, 2012, 12:13:08 AM »
Quote from: essexboy
    Those are part of IE8's blacklist so I would say keep them there.  Also that is why I no longer suggest the MSVP Host file any more as it will be a duplication
    They are basically the restricted sites as set in IE  http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/02/how-can-i-add-a-site-to-internet-explorer-s-restricted-sites-zone.aspx

I don't use IE8, though I did install it about a year or more ago. I didn't like it (too much junk and bloated added "features" I didn't like and some other things I can't remember). So I went back to IE7 for the time being. But I guess when I installed IE8, it put in all these domains.

I don't know what the above link means. What does it mean? And why did IE 8.0 put hundreds of spam/porno etc. sites in the registry? What was the purpose? Is there any benefit to the computer user? So since these sites were for use in IE 8.0 and I have IE7.0 I should be able to delete them? So far, IE 7.0 runs all the programs I need without problems. I will upgrade later.

P.S. what is the MSVP host file?



Offline essexboy

Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #40 on: April 14, 2012, 11:23:21 AM »
They are kill bits and block access to those sites by putting them in the restricted, i.e. "don't go here", area of the web.  It is an additional layer of protection; IE will not allow access to them

http://winhelp2002.mvps.org/hosts.htm
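
An added example, not part of the original thread: Internet Explorer keeps per-site zone assignments under `Internet Settings\ZoneMap\Domains`, with zone 4 meaning Restricted sites, so a registry export of that key can be checked to confirm that a long list like the one described above consists only of block entries. The sample export and its `.example` host names are constructed.

```python
import re
from collections import defaultdict

ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample in .reg export layout (decode real exports from UTF-16 first).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\casino-ads.example\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adware-host.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\updates.example]
"http"=dword:00000002
"""

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\ZoneMap\\Domains\\([^\]]+)\]$", re.I)
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_zonemap(reg_text):
    """Yield (host, scheme, zone) for every per-site zone value in the export."""
    host = None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            # Key layout is Domains\<domain>[\<subdomain>], so reverse to get the host.
            host = ".".join(reversed(key.group(1).split("\\")))
        elif line.startswith("["):
            host = None  # a key that is not a per-site entry
        else:
            val = VAL_RE.match(line)
            if val and host:
                yield host, val.group(1), int(val.group(2), 16)

def by_zone(reg_text):
    """Group (host, scheme) pairs under the zone name they are mapped to."""
    grouped = defaultdict(list)
    for host, scheme, zone in parse_zonemap(reg_text):
        grouped[ZONES.get(zone, "Unknown zone %d" % zone)].append((host, scheme))
    return dict(grouped)

def not_restricted(reg_text):
    """Hosts mapped to any zone other than 4; these are not block entries."""
    return sorted({h for h, _, z in parse_zonemap(reg_text) if z != 4})

if __name__ == "__main__":
    for zone, hosts in by_zone(SAMPLE).items():
        print(zone, len(hosts))
    print("review:", not_restricted(SAMPLE))
```

Entries reported by `not_restricted`, especially ones mapped to Trusted sites, are the ones worth a closer look; a list that is entirely zone 4 only restricts what those sites can do.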

bookend

  • Guest
Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #41 on: April 16, 2012, 10:10:30 PM »
Quote from: essexboy
    They are kill bits and block access to those sites by putting them in the restricted, i.e. "don't go here", area of the web.  It is an additional layer of protection; IE will not allow access to them

    http://winhelp2002.mvps.org/hosts.htm

Thanks for the link. Looks like you are right about that long list of entries in IE. Maybe it's there in Internet 7 as well, though I've never noticed the long list in the Registry, but I never looked at HKEY USERS settings. I never knew IE blocked any sites.
I would have to set my Security to Restricted to enable all those blocked sites which gives Security High default. I usually use "Internet" which allows me to choose high, medium or low for Security. I choose Medium. If I use Restricted, I will probably not be able to go on a lot of my "regular" sites because of my High restriction setting. Right now, I don't think Restricted sites is Enabled, so doesn't matter if the list of entries is left in the Registry. When I run Malware Bytes the same 3 PUM will come up, so I guess I will just delete them every time. Thanks.

bookend

  • Guest
Re: Avast free scan shows virus- can't Repair or Move to chest
« Reply #42 on: April 19, 2012, 05:43:54 AM »
Quote from: essexboy
    They are kill bits and block access to those sites by putting them in the restricted, i.e. "don't go here", area of the web.  It is an additional layer of protection; IE will not allow access to them

    http://winhelp2002.mvps.org/hosts.htm

Essexboy, thanks for all your help and information. I have learned quite a few things here. It all helps :)