# NEED HELP! windows defender is turned off by group policy



## alessia23 (Feb 9, 2010)

Hi everyone, I just signed up today and I need help. Yesterday, after surfing the web, I deleted my expired trial version of McAfee, then shortly after I started to experience some problems on my laptop. First I was prompted with an error message that said something like:

*could not locate Winzyt32.rom*

Then I received this message:

*Windows defender is turned off by group policy*
*Windows defender won't provide protection against harmful or potentially unwanted software*
*and it won't send you alerts because it's off.*
*To help protect your computer against harmful or potentially unwanted software, contact your*
*system administrator to enable windows defender via group policy.*

I tried to fix it myself by doing a system restore, but that only got rid of the *Winzyt32.rom* error. The same Windows Defender message pops up every time I start up my laptop (Dell Studio running Vista). I don't know what to do. I can't seem to open Windows Defender at all and my computer is running very slowly. I downloaded a trial version of Trend Micro Internet Security; this is running on my computer at the moment.
Please help ASAP!


----------



## helpful (Sep 18, 2009)

To enable Windows Defender please follow the steps below. I would strongly recommend, after applying this fix and uninstalling all your anti-virus products, switching to Microsoft Security Essentials, which is a free, fully featured, real-time Microsoft anti-virus/malware product.

http://www.microsoft.com/Security_Essentials/

1. Please copy and paste the text between the cut lines into notepad. 
2. Save the file as FIX_DEFAV.REG. 
3. Double Click on the FIX_DEFAV.REG and confirm adding to registry
4. Run "gpupdate /force" from the command line.
5. Attempt to access Windows Defender again, and please let us know the results.

-----CUT-----------
REGEDIT4
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=-

 -----CUT-----------


----------
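
Added example, not part of helpful's post: before merging a .reg file pasted from a forum, it helps to list what it will actually change. This Python sketch parses the fix file above and a constructed counter-example (marked as such) and reports what each does to the `DisableAntiSpyware` policy value; the function names are illustrative.

```python
import re

DEFENDER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"

# The fix file as given in the post above.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=-
'''

# Constructed sample (not from the thread): the opposite change plus a key deletion.
CONSTRUCTED_REG = r'''REGEDIT4

; constructed for illustration
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[-HKEY_CURRENT_USER\Software\ExampleVendor]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def reg_operations(text):
    """Return (operation, key, value_name, data) tuples a .reg file would apply."""
    # Join continuation lines (trailing backslash) used by long hex values.
    text = re.sub(r"\\\r?\n\s*", "", text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / version 5.00 header")
    ops, key = [], None
    for ln in lines[1:]:
        k = KEY_RE.match(ln)
        if k:
            # "[-KEY]" deletes the whole key; "[KEY]" opens it for the values below.
            key = None if k[1] else k[2]
            if k[1]:
                ops.append(("delete-key", k[2], None, None))
            continue
        v = VALUE_RE.match(ln)
        if v is None or key is None:
            raise ValueError(f"unparseable line: {ln!r}")
        name = "(Default)" if v[1] == "@" else re.sub(r"\\(.)", r"\1", v[1][1:-1])
        if v[2] == "-":  # "name"=- removes the value
            ops.append(("delete-value", key, name, None))
        else:
            ops.append(("set-value", key, name, v[2]))
    return ops


def defender_policy_effect(ops):
    """Summarise what the operations do to the DisableAntiSpyware policy value."""
    effects = []
    for op, key, name, data in ops:
        if key.lower() != DEFENDER_KEY.lower() or (name or "").lower() != "disableantispyware":
            continue
        if op == "delete-value":
            effects.append("removes the policy value")
        elif data.lower().startswith("dword:") and int(data[6:], 16) != 0:
            effects.append("sets the policy value that turns Defender off")
        else:
            effects.append(f"sets the policy value to {data}")
    return effects


if __name__ == "__main__":
    for label, text in (("fix", FIX_REG), ("constructed", CONSTRUCTED_REG)):
        for op in reg_operations(text):
            print(label, op)
        print(label, defender_policy_effect(reg_operations(text)))
```
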



## Patrickv (Feb 10, 2010)

That is very odd that it changes group policy. Software is not allowed to do that.


----------



## flavallee (May 12, 2002)

Alessia:

*Windows Defender* does a crappy job, so don't worry so much if it's not running. I actually keep it turned off in my Vista desktop.

Be careful with using System Restore for every little quirk that pops up because you can make things even worse.

Something is going on with your computer, so let's see what a HijackThis log looks like.

Go here to download and save *Trend Micro HijackThis 2.0.3*. Close all open windows first, then install it in its default location. Run a scan with it - which should take 30 seconds or less. Save the resulting log in Notepad. Return here, then copy-and-paste the entire log here.

If you've uninstalled McAfee, it'll leave file and registry remnants behind that should be gotten rid of. Go here to download and save *McAfee Consumer Product Removal Tool*. Close all open windows first, then run the tool and follow its directions. Restart your computer afterwards.

--------------------------------------------------------------


----------



## alessia23 (Feb 9, 2010)

hey guys,

Sorry for the late reply. Yesterday I did what Helpful suggested at the top of the page and now Windows Defender is working again. I also installed Microsoft Security Essentials. When I opened the program it said "Computer status at risk" and suggested that I update the definitions, but when I click update I am prompted with this error:

*Virus and spyware definition update failed*
*error code: 0x80072efd*
*Microsoft Security Essentials couldn't detect an internet connection.*
*check your internet connection and then try again.*

But there's nothing wrong with my internet connection so I don't understand. Does anyone have any ideas? Microsoft Security Essentials also says that real time protection is off but it is on. I'm also getting random popups even when I'm not surfing the web.


----------



## flavallee (May 12, 2002)

Alessia:

Please follow my previous instructions for posting a HijackThis log here.

-----------------------------------------------------------------

If you've got both *Trend Micro Internet Security* and *Microsoft Security Essentials* installed in that computer, they're probably fighting with each other.

------------------------------------------------------------------


----------



## alessia23 (Feb 9, 2010)

Flavallee

I deleted all the anti-virus software (McAfee and Trend Micro) before I installed Microsoft Security Essentials. I am in the process of doing the HijackThis log that you previously instructed. I'll get back to you with the results.

Thank you


----------



## alessia23 (Feb 9, 2010)

Hi everyone,

OK, I am now having trouble with the Trend Micro HijackThis logo. When I click scan I receive this:

*For some reason your system denied write access to the hosts file.*
*If any hijacked domains are in this file, HijackThis may not be able to fix this.*

*If that happens, you need to edit the file yourself. To do this, click Start, Run and type*

*notepad C:\Windows\System32\drivers\etc\hosts*

*and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as*
*'hosts' and reboot.*

*For Vista: simply exit HijackThis right click on icon choose 'run as administrator'.*

Well, I tried both of these options with no success. I tried to run notepad C:\Windows\System32\drivers\etc\hosts, but after I deleted the lines and tried to save the file as 'hosts' I got this message:

*C:\Windows\System32\drives\etc\'hosts'.txt*
*you don't have permission to save in this location.*
*Contact the administrator to obtain permission.*

*would you like to save in the documents folder instead?*

So I then tried to run the program as administrator but it wouldn't let me; the "run in separate memory space" option has been selected and I can't change it.
Please help.


----------



## flavallee (May 12, 2002)

Alessia:

I'm not there to look at your computer, so I don't know why you're having trouble with *Windows Defender* and *HijackThis*.

Start HijackThis again, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click the "Save List" button.

Save the "uninstall_list.txt" file somewhere. It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

-------------------------------------------------------------------


----------



## Phantom010 (Mar 9, 2009)

Try version *2.0.2* instead. Click *HERE*.

Version 2.0.3 is still in the Beta stage and seems to have a few minor bugs, like the one you are experiencing with Vista.

Trend Micro don't look like they are going to fix anything with HijackThis nor support 64-bit.


----------



## flavallee (May 12, 2002)

That sounds like a plan. Uninstall version 2.0.3 and then install version 2.0.2 and then see if you can run a scan.

Version 2.0.3 has been working fine for me in both XP(32-bit) and Vista(32-bit), but I guess it can be "funky" in some other computers.

--------------------------------------------------------------------


----------



## Phantom010 (Mar 9, 2009)

I prefer version 2.0.2. It's a lot simpler to install than v.2.0.3 and works flawlessly. 

On my computer, for an unknown reason, v.2.0.3 shows a few of my Windows Services in the 023 services list!?!

Besides, I really don't see any improvement in the latest version. We now see 022 entries with the standard files and that's about it. If a nasty does get involved with that location, version 2.0.2 will show it anyway.


----------



## alessia23 (Feb 9, 2010)

Ok thanks guys, I will uninstall version 2.0.3 and then install version 2.0.2 and run a scan. I will keep you guys updated.


----------



## alessia23 (Feb 9, 2010)

Ok well good news version 2.0.2 worked and I was able to do a scan. Here is the entire log;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:50 AM, on 13/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\msc.exe
C:\Windows\system32\taskeng.exe
C:\Users\ALESSA~1\AppData\Local\Temp\Mgx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIENP.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/USCON/19
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shareware.pro/?lang=en
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.optus.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shareware.pro/?lang=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareware.pro/?lang=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON TX700W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENP.EXE /FU "C:\Windows\TEMP\E_S563A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winzyt32.rom,EplPLE
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\ALESSA~1\AppData\Local\Temp\Mgx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C48D69F-6B40-445E-8538-AE4B4000690A}: NameServer = 93.188.164.222,93.188.166.43
O17 - HKLM\System\CCS\Services\Tcpip\..\{A611A37F-CC84-4238-BA83-46C22CAC73E7}: NameServer = 93.188.164.222,93.188.166.43
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7163E9-6098-4896-A0DD-45D93490FE9D}: NameServer = 93.188.164.222,93.188.166.43
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.222,93.188.166.43
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C48D69F-6B40-445E-8538-AE4B4000690A}: NameServer = 93.188.164.222,93.188.166.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.222,93.188.166.43
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files\Sensible Vision\Fast Access\FALogNot.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files\Sensible Vision\Fast Access\FAService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe
--
End of file - 12462 bytes


----------



## Phantom010 (Mar 9, 2009)

Your computer is infected. Please click on the *Report* button and kindly ask to be moved to the *Malware Removal & HijackThis Logs* forum. From there, be patient. You should get an answer within the next 48 hours. These guys are really busy!


----------



## flavallee (May 12, 2002)

Go into these 2 temp folders and delete EVERYTHING from inside them.

C:\Users\Alessa~1\AppData\Local\*Temp*

C:\WINDOWS\*Temp*

Don't be surprised to see a huge amount of files and folders in the first temp folder. It's all junk and is a good place for a "nasty" to hide, so delete it all. If a few files resist deletion, leave them alone and delete everything else. Empty the Recycle Bin afterwards, then restart your computer.

---------------------------------------------------------------

These log entries:

*O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winzyt32.rom,EplPLE*

*O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\ALESSA~1\AppData\Local\Temp\Mgx.exe*

shouldn't be in the list of startup entries. Click "Report", as advised, and request your thread be moved to the malware section for assistance by a gold shield malware expert.

--------------------------------------------------------------


----------
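
Added example, not part of any post in this thread: the two startup entries singled out above can be caught mechanically. This Python sketch parses registry Run (O4) lines from a HijackThis log and flags an executable launched from a temp directory and a `rundll32.exe` target that is not a `.dll`; both rules are illustrative heuristics assumed here, not HijackThis's own logic, and the function names are hypothetical.

```python
import ntpath
import re

# Registry Run entries taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [EPSON TX700W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENP.EXE /FU "C:\Windows\TEMP\E_S563A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winzyt32.rom,EplPLE
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\ALESSA~1\AppData\Local\Temp\Mgx.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

O4_RE = re.compile(r"^O4 - (?P<loc>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(
    r"^(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)\s*(?P<args>.*)$", re.I
)


def parse_o4(line):
    """Split a registry Run line into location, name, executable and arguments."""
    m = O4_RE.match(line.strip())
    if not m:
        return None  # Startup-folder entries and other sections are skipped
    cmd = m["cmd"].strip()
    if cmd.startswith('"'):
        exe, _, args = cmd[1:].partition('"')
    else:
        em = EXE_RE.match(cmd)
        exe, args = (em["exe"], em["args"]) if em else (cmd.split(None, 1) + [""])[:2]
    return {"location": m["loc"], "name": m["name"], "exe": exe, "args": args.strip()}


def findings(entry):
    """Apply the two heuristics to one parsed entry."""
    out = []
    parts = entry["exe"].lower().split("\\")
    # Look only at the executable's own directories, not at paths in its arguments
    # (the EPSON entry passes a TEMP file as an argument and must not be flagged).
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        out.append("executable runs from a temp directory")
    if ntpath.basename(entry["exe"]).lower() in ("rundll32", "rundll32.exe"):
        module = entry["args"].split(",", 1)[0].strip().strip('"')
        if ntpath.splitext(module)[1].lower() != ".dll":
            out.append(f"rundll32 loads {module!r}, which is not a .dll")
    return out


def triage(log_text):
    """Return (entry name, reason) pairs for every flagged Run entry."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            hits += [(entry["name"], reason) for reason in findings(entry)]
    return hits


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"[{name}] {reason}")
```

A hit is a reason to look closer, not a verdict; legitimate installers sometimes register Run entries from temp paths too.
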



## alessia23 (Feb 9, 2010)

bump


----------



## flavallee (May 12, 2002)

Alessia:

Your thread is in the "Malware Removal & HijackThis Logs" section now. You need to wait 24 - 48 hours until a gold shield malware expert responds and gives you instructions.

----------------------------------------------------------------


----------



## dvk01 (Dec 14, 2002)

Please download Malwarebytes' Anti-Malware to your desktop
from HERE or  HERE 

Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded. 
Once the program has loaded, select Perform quick scan, then click Scan. 
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. 
Please include this log in your next reply.

It might ask you to reboot to finish cleaning. Please do so. (Press YES on the alert.)
If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and it does not need to be reported unless it continues on every boot.


----------



## alessia23 (Feb 9, 2010)

hi dvk01,

Thanks for replying. I downloaded Malwarebytes Anti-Malware but I am having trouble when I press update to make sure the database is loaded. I'm prompted with this error:

*An error occurred.*
*Please report the following error code to the Malwarebytes Anti-Malware support team.*
*error code 732(12007,0)*

what should I do? should I just run a quick scan?


----------



## dvk01 (Dec 14, 2002)

That is normally an update error.

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162097&#entry162097


----------



## flavallee (May 12, 2002)

Alessia:

If DVK01's instructions don't work, go here and click the "Author's Site" link to download and save the file.

Close all open windows first, then double-click it to install it.

Restart MBAM after it's installed, then click Update(tab).

It should show database version 3740 or higher.

------------------------------------------------------------


----------



## alessia23 (Feb 9, 2010)

My computer has been fixed now so thank you so much for your help DVK01 and Flavalle.
God bless and keep up the good work.

alessia23


----------



## flavallee (May 12, 2002)

alessia23 said:


> My computer has been fixed now so thank you so much for your help DVK01 and Flavalle.
> God bless and keep up the good work.
> 
> alessia23


Alessia:

Wait until *dvk01* gives you the "all clear". There may be further instructions to follow.

And you're welcome. 

-------------------------------------------------------------------


----------



## dvk01 (Dec 14, 2002)

post the log MBAM made & a fresh HJT log please


----------

