Bundled Wise Uninstaller

July 9, 2014, 12:06 am

≪ Previous: Can't delete / move / do anything with an .exe file (which downloaded automatically!)

FRST.txt log is not complete, attach the full and complete log as you did with the secondary log Addition.txt..

The log (FRST.txt) will be in this folder C:\FRST\Logs

↧

Possible malware Adobe flash

July 9, 2014, 1:28 am

≫ Next: movilegeni daemon

≪ Previous: Bundled Wise Uninstaller

We need to take a different path to get rid of that Kaspersky service, there must be more of Kaspersky in the system which is protecting it from deletion.

How well is the system running now?

We need to do a search of the system to find all entries for Kaspersky and that service.

Please download SystemLook from the following link below and save it to your Desktop.

SystemLook (64-bit)

Double-click SystemLook.exe to run it.
Vista/Windows 7 users right-click and select Run As Administrator.
Copy and paste everything in the codebox below into the main textfield:

Code:

:filefind

*klif*

*kaspersky*

folderfind:

*klif*

*kaspersky*

regfind:

klif

kaspersky

service:

klif

Click the Look button to start the scan.
When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
Please copy and paste the contents of that log in your next reply.

↧

movilegeni daemon

July 9, 2014, 2:13 am

≫ Next: help I have a virus of sorts

≪ Previous: Possible malware Adobe flash

Please also explain what you mean by this:

Quote:

I ran System File Checker but it came back 4.0.

↧

help I have a virus of sorts

July 9, 2014, 2:13 am

≫ Next: avaast blocking web pop ups from process svchost.exe

≪ Previous: movilegeni daemon

Please tell me if this is right i'm trying my best..As you may have guessed not up to speed with computers.
Content of fixlist:
*****************
Task: {5E78D7BD-2AE5-4303-B7C8-2017FE24E1BE} - System32\Tasks\ViewPassword Update => C:\Program Files\ViewPassword-soft\ViewPasswordW11.exe <==== ATTENTION
Task: {7A9D60ED-75E2-4B26-82CF-72E239109BDC} - System32\Tasks\MySearchDial => C:\Users\Admin\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {A51911D7-D038-4EEB-AD61-5A56DC920793} - System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl => C:\Users\Admin\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchro me.exe [2014-07-08] (Sien SA)
Task: {A753E0A2-E3E7-48C1-AFD9-25B7DB982C67} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-08] (globalUpdate) <==== ATTENTION
Task: {E2EF40B8-6890-454F-8FD0-F04DC1CA1F4D} - System32\Tasks\ViewPassword_wd => C:\Program Files\ViewPassword-soft\ViewPasswordFIXQNw.exe <==== ATTENTION
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\Admin\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1234ADAE
AlternateDataStreams: C:\ProgramData\TEMP:1B389835
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:4B6A9FDA
AlternateDataStreams: C:\ProgramData\TEMP:5080697C
AlternateDataStreams: C:\ProgramData\TEMP:52C24010
AlternateDataStreams: C:\ProgramData\TEMP:9491C9C7
AlternateDataStreams: C:\ProgramData\TEMP:96838F8A
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211
AlternateDataStreams: C:\ProgramData\TEMP:C22674B6
AlternateDataStreams: C:\ProgramData\TEMP:C63E7DE2
AlternateDataStreams: C:\ProgramData\TEMPE875C30
AlternateDataStreams: C:\ProgramData\TEMP:EFECABA9
Smartbar
C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe
C:\Users\Admin\AppData\Local\Smartbar\Application\Lrcnta.exe
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts...XX6RABBAXH&i=p sd&t=3455760bd&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts...XX6RABBAXH&i=p sd&t=3455760bd&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?type=ds&ts...XX6RABBAXH&i=p sd&t=3455760bd&q={searchTerms}
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: SmartbarInternetExplorerBHOEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: DataMngr - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\BROWSE~1.DLL No File
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
FF Plugin: TorchVLC - C:\Users\Admin\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\10.2.0.3
S2 Update LinkiDoo; "C:\Program Files\LinkiDoo\updateLinkiDoo.exe" [X]
2014-07-08 14:29 - 2014-07-08 14:29 - 00000000 ____D () C:\Systweak
2014-07-08 15:15 - 2014-04-01 13:15 - 00000292 _____ () C:\Windows\Tasks\MySearchDial.job
2014-07-08 15:06 - 2014-04-01 13:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\systweak
2014-07-08 14:56 - 2014-04-01 12:53 - 00000000 ____D () C:\ProgramData\TorchCrashHandler
2014-07-08 14:29 - 2014-07-08 14:29 - 00000000 ____D () C:\Systweak
2014-06-30 17:34 - 2014-04-01 13:14 - 00018272 _____ (System Speedup) C:\Windows\system32\roboot.exe
2014-06-12 10:10 - 2014-06-12 10:09 - 08052304 _____ () C:\Users\Admin\Downloads\HSS-3.42-install-hss-560-conduit.exe
2014-06-10 18:04 - 2014-04-01 12:53 - 00001550 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2014-06-10 17:53 - 2014-04-01 12:50 - 00000000 ____D () C:\Users\Admin\AppData\Local\Torch
C:\Users\Admin\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe
*****************

'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E78D7BD-2AE5-4303-B7C8-2017FE24E1BE}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E78D7BD-2AE5-4303-B7C8-2017FE24E1BE}' => Key deleted successfully.
C:\Windows\System32\Tasks\ViewPassword Update => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword Update' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A9D60ED-75E2-4B26-82CF-72E239109BDC}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A9D60ED-75E2-4B26-82CF-72E239109BDC}' => Key deleted successfully.
C:\Windows\System32\Tasks\MySearchDial => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A51911D7-D038-4EEB-AD61-5A56DC920793}'=> Key not found.
C:\Windows\System32\Tasks\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A753E0A2-E3E7-48C1-AFD9-25B7DB982C67}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A753E0A2-E3E7-48C1-AFD9-25B7DB982C67}' => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2EF40B8-6890-454F-8FD0-F04DC1CA1F4D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2EF40B8-6890-454F-8FD0-F04DC1CA1F4D}' => Key deleted successfully.
C:\Windows\System32\Tasks\ViewPassword_wd => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ViewPassword_wd' => Key deleted successfully.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.
C:\ProgramData\TEMP => ":1234ADAE" ADS removed successfully.
C:\ProgramData\TEMP => ":1B389835" ADS removed successfully.
C:\ProgramData\TEMP => ":206470A5" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":4B6A9FDA" ADS removed successfully.
C:\ProgramData\TEMP => ":5080697C" ADS removed successfully.
C:\ProgramData\TEMP => ":52C24010" ADS removed successfully.
C:\ProgramData\TEMP => ":9491C9C7" ADS removed successfully.
C:\ProgramData\TEMP => ":96838F8A" ADS removed successfully.
C:\ProgramData\TEMP => ":9BAC4211" ADS removed successfully.
C:\ProgramData\TEMP => ":C22674B6" ADS removed successfully.
C:\ProgramData\TEMP => ":C63E7DE2" ADS removed successfully.
"AlternateDataStreams: C:\ProgramData\TEMPE875C30" => "AlternateDataStreams: C:\ProgramData\TEMPE875C30" ADS not found.
C:\ProgramData\TEMP => ":EFECABA9" ADS removed successfully.
C:\Users\Admin\AppData\Local\Smartbar\Application\Smartbar.exe => Moved successfully.
C:\Users\Admin\AppData\Local\Smartbar\Application\Lrcnta.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
'HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\DatamngrCoordinator.exe' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}' => Key deleted successfully.
'HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}' => Key deleted successfully.
'HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}' => Key deleted successfully.
'HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}' => Key deleted successfully.
'HKCR\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}' => Key deleted successfully.
'HKCR\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}' => Key deleted successfully.
'HKCR\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
'HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}' => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3004627E-F8E9-4E8B-909D-316753CBA923} => value deleted successfully.
'HKCR\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
'HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}'=> Key not found.
'HKLM\Software\MozillaPlugins\TorchVLC' => Key deleted successfully.
C:\Users\Admin\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\avg@toolbar => value deleted successfully.
Update LinkiDoo => Service deleted successfully.
C:\Systweak => Moved successfully.
"C:\Windows\Tasks\MySearchDial.job" => File/Directory not found.
C:\Users\Admin\AppData\Roaming\systweak => Moved successfully.
C:\ProgramData\TorchCrashHandler => Moved successfully.
"C:\Systweak" => File/Directory not found.
C:\Windows\system32\roboot.exe => Moved successfully.
C:\Users\Admin\Downloads\HSS-3.42-install-hss-560-conduit.exe => Moved successfully.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk => Moved successfully.
C:\Users\Admin\AppData\Local\Torch => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\BearShare_setup.exe => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\conduitinstaller.exe => Moved successfully.

==== End of Fixlog ====

Attached Files

Fixlog.txt (12.5 KB)

↧

avaast blocking web pop ups from process svchost.exe

July 9, 2014, 2:37 am

≫ Next: Virus blocking internet access?

≪ Previous: help I have a virus of sorts

This is for your information and anybody that may read this thread:

Running tools like TDSSKiller and OTL should only be done under the guidance of a Malware expert. TDSSKiller will warn you if it finds bad infections, but if you don't make the correct settings before the scan is run it may miss something harmful and if you take inappropriate action with items it detects it can cause problems for your systems software and possibly make some programs unusable.

OTL is only a scanner that shows what is on your system, it does not identify infections or any potentially unwanted software and needs an expert to study the logs to see if anything needs to be removed. A script then needs to be created in order to remove any bad items identified in the logs. This tool serves no purpose to anyone that has not been trained in Malware removal.

↧

Virus blocking internet access?

July 9, 2014, 6:44 am

≫ Next: search.tb.ask browser hijacker

≪ Previous: avaast blocking web pop ups from process svchost.exe

Hello,

My desktop cannot access the internet. I have done quite a bit of troubleshooting, and I don't know what else to do. It's definitely not our internet connection, since we have internet on all our other devices, and I have plugged the modem/router into this laptop, and it works fine. I have run an updated MBAM three times, and the last scan found no issues. The computer is about 5 years old, and it has Windows 7. I have checked and rechecked all the network settings, and everything looks right. I have tried restoring to an earlier date, but that didn't work. I have uninstalled and reinstalled the network driver, but that didn't work either.

When I click on internet explorer, the address line is completely blank and almost immediately, I get a window that says internet explorer has stopped working. When I click on Chrome, three tabs pop open at the same time, and I get the error message dns_probe_finished_no_internet.

I am thinking this is some type of virus based on the way the computer is behaving, but I am no more tech savvy than the average educated person, so I really have no idea.

Is there anything else I can do?

Thanks!

↧

search.tb.ask browser hijacker

July 9, 2014, 2:31 pm

≫ Next: ice virus - blocking all SAFE modes and CD drives

≪ Previous: Virus blocking internet access?

Thanks for the quick response! AdwCleaner seems to have fixed the problem. The unwanted ask.com toolbar is gone and the search results seem to be back to normal. I've pasted the log file below. Let me know if there's anything else I need to check. Thanks!

# AdwCleaner v3.215 - Report created 09/07/2014 at 13:35:41
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Owner - DINOSAUR-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2dxtj6oy.default\pr efs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=2F5CEC52-02A6-4462-A99B-B7E1E69C2D51&n=780c47ad&ind=2014070701&p2=^Y6^xdm267^YYA^us&si=CK7O4ejns78C FQxp7AodfEUAYA
Deleted [Startup_urls] : hxxps://mail.google.com/mail/u/0/?shva=1#inbox
Deleted [Extension] : dhhjmlmdpcpiojiffodbldlkgcnaeogp

[ File : C:\Users\Public.DINOSAUR-PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxps://mail.google.com/mail/u/0/#inbox

*************************

AdwCleaner[R0].txt - [1826 octets] - [09/07/2014 13:32:31]
AdwCleaner[S0].txt - [1765 octets] - [09/07/2014 13:35:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1825 octets] ##########

↧

ice virus - blocking all SAFE modes and CD drives

July 9, 2014, 7:44 pm

≫ Next: Trovi malware

≪ Previous: search.tb.ask browser hijacker

No problem. Thanks for the feedback. :)

↧

Trovi malware

July 9, 2014, 7:45 pm

≫ Next: Shutdown when Kaspersky tries to eliminate malware

≪ Previous: ice virus - blocking all SAFE modes and CD drives

Whoa! This must be worse than I thought. No knight in shining armor has come to my rescue yet!

I adding this post so when one of the geniuses on this sight has solved somebody else's challenge, my problem will be in plain sight.

Thanks again!

↧

Shutdown when Kaspersky tries to eliminate malware

July 9, 2014, 9:05 pm

≫ Next: Mouse Moves and Clicks On Its Own!

≪ Previous: Trovi malware

Hi~

I am having trouble getting rid of malware identified by Kaspersky. The location varies, but it's identified as a DangerousObject.Multi.Generic usually in a Temp folder. When I click the Kaspersky "Disinfect and Restart" button, it scans but then the computer shuts down and reboots and the cycle starts again. If I do NOT click the button, the dialog box remains but I can use the computer. But it doesn't seem safe to do so.

A kaspersky dialog box also keep popping up that it is blocking malicious malware.

Here's my data:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-3330S CPU @ 2.70GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8066 Mb
Graphics Card: Intel(R) HD Graphics, -1984 Mb
Hard Drives: C: Total - 931641 MB, Free - 864790 MB;
Motherboard: Dell Inc., 0478VN
Antivirus: Kaspersky Internet Security, Not Updated

Thanks so much in advance!

Karen

↧

Mouse Moves and Clicks On Its Own!

July 9, 2014, 11:26 pm

≫ Next: Baffled by Black Screen

≪ Previous: Shutdown when Kaspersky tries to eliminate malware

Hello, I've tried factory resetting my computer and getting tend micro antivirus on my computer but no matter what i do this virus is destroying my life! I run Windows 8 and last week my computer started acting strange... The computer mouse will now randomly move left and right randomly and wont listen to input via touch pad, I have to use a mouse or i cant use the touchpad at all. Also the computer things i'm holding down the control key It's Also Zooming in and out Randomly!!. HELP!!!

↧

Baffled by Black Screen

July 10, 2014, 9:00 am

≫ Next: Simple Question about Sophos and MSE

≪ Previous: Mouse Moves and Clicks On Its Own!

Thats OK, only qualified people are allowed to work in this forum, and I'm not allowed to help or assist here, Only allowed moderation activity - so when you get one of the authorised malware advises respond, they will help , and go through what they need

thanks

↧

Simple Question about Sophos and MSE

July 10, 2014, 12:53 pm

≫ Next: proxy LAN problems

≪ Previous: Baffled by Black Screen

You should NEVER run two antivirus programs running at the same time.
One antivirus along with an anti-spyware program like Malwarebytes or Super AntiSpyware is OK.
If you install any anti-spyware program, make sure it does not have an antivirus built in. (An example would be Lavasoft Ad-Aware).

↧

proxy LAN problems

July 10, 2014, 9:50 pm

≫ Next: Computer Hacked

≪ Previous: Simple Question about Sophos and MSE

ok so it started with my LAN setting has been rechecking itself. Then my IE worked fine. Then it got to where when I unchecked the box and then go to my browser it would be checked again already. So I have been recovering my computer. Now it lets me only on some sites. I try to go to Hotmail.com and it wont let me but yet I can search in a search engine. when I type google.com bing pops up and I don't even have bing set for anything. I also have google chrome and it does the same thing. IE was actually closing its program and chrome lets me get to the settings. I checked my BIOS and didn't find anything. I use glary utilities and don't find anything. I cleared the cache setting but that didn't help with the sites. so please please please help and thank you. and please explain well I can get lost easy lol

Windows 8 beta user.

p.s. the beta OS pops up all the time telling me to install windows 8 but then it wont let me cause the shop doesn't work. and it shuts down like every 2 hrs.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8 Release Preview, 32 bit
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 2038 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family (Microsoft Corporation - WDDM 1.1), 384 Mb
Hard Drives: C: Total - 114270 MB, Free - 68658 MB; E: Total - 953867 MB, Free - 373006 MB;
Motherboard: Dell Inc., 0DT492
Antivirus: Windows Defender, Disabled

↧

Computer Hacked

July 10, 2014, 11:13 pm

≫ Next: adw problem

≪ Previous: proxy LAN problems

My grand daughter's HP laptop has been hacked. A popup came on her computer. She called the number that promised to fix it and they gave her instructions on how to remove the popup and the virus that caused the popup. Next move was they called her back and said that the virus was back and they needed her to type in a box they provided. I believe she had to type lookup, but not sure. This gave them complete access to remotely hack into her computer. Finally they ask for 150.00 to update her microsoft program. When she did not have the money, they locked her out of her computer. The computer was running Windows 8.1. Now when you turn the computer on, there is a small box in the middle of the screen where you enter your password. After you do that you get a screen to choose an option., then the second screen says troubleshoot. The third screen I found says trouble shoot. I have no idea how to get into the computer. From some things I have read, people say to wipe the hard drive and reinstall the operating system, but when she received this new computer for Christmas, there were no discs. All programs were preinstalled. I would appreciate any help you can give me. Thank you.

↧

adw problem

July 11, 2014, 2:36 am

≫ Next: Norton 360 Detects Trojans but won't remove.

≪ Previous: Computer Hacked

Hi
I have used this programme on a number of occasions before & it has always run correctly, but the latest version scans correctly & finds items to remove but on reboot it drops my internet connection, this has happened on many occasions even in safemode. which I can only restore via a system restore point & it has not deleted the checked items.
this item has run perfectly well on many ocasions before, any ideas please. I enclose the most recent log that was saved

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [4645 octets] ##########
# AdwCleaner v3.215 - Report created 11/07/2014 at 10:29:31
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : vince - PRIVATE
# Running from : C:\Users\vince\Downloads\Programs\adwcleaner_3.215.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Folder Found : C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64FCFFAE-99F5-4E4F-A927-1FE39B079FCB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Found : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v

[ File : C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\vince\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : jbolfgndggfhhpbnkgnpjkfhinclbigj

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[R10].txt - [9132 octets] ##########
vince29

↧

Norton 360 Detects Trojans but won't remove.

July 11, 2014, 8:56 am

≫ Next: POP UP Removals

≪ Previous: adw problem

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by Aaron at 2014-07-11 15:56:08 Run:1
Running from C:\Users\Aaron\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Reg: reg delete [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}]
"FaviconPath"=-
Reg: reg delete [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe"=-
Reg: reg delete [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}]
"FaviconPath"=-
Reg: reg delete [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}]
"FaviconPath"=-
Reg: reg delete [HKEY_USERS\S-1-5-21-2696604925-3762794856-1063062783-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}]
"FaviconPath"=-
Reg: reg delete [HKEY_USERS\S-1-5-21-2696604925-3762794856-1063062783-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe"=-
Reg: reg delete [HKEY_USERS\S-1-5-21-2696604925-3762794856-1063062783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe"=-
C:\Program Files (x86)\Settings Manager
*****************

========= reg delete [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

========= reg delete [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

"C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe=-" => File/Directory not found.

========= reg delete [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

========= reg delete [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

========= reg delete [HKEY_USERS\S-1-5-21-2696604925-3762794856-1063062783-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

========= reg delete [HKEY_USERS\S-1-5-21-2696604925-3762794856-1063062783-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

"C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe=-" => File/Directory not found.

========= reg delete [HKEY_USERS\S-1-5-21-2696604925-3762794856-1063062783-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] =========

ERROR: Invalid key name.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

"C:\Program Files (x86)\Settings Manager\systemk\tbicon.exe=-" => File/Directory not found.
"C:\Program Files (x86)\Settings Manager" => File/Directory not found.

==== End of Fixlog ====

↧

POP UP Removals

July 11, 2014, 6:00 pm

≫ Next: ywnmon32 removal help requested

≪ Previous: Norton 360 Detects Trojans but won't remove.

I have Windows 7 Pro 64 bit OS running with a clean install genuine disk on my PC and have loaded all my other programs to include Live Mail which is working perfectly. The issue I have now is that a continuously get advertising pop ups showing up on my desktop . I have a pop up blocker program installed to include the Adblock Plus on Mozilla, and I only use Mozilla Firefox though have Internet Explorer and Google Chrome installed but am not using these to surf the internet. I have performed a clean reinstallation of Mozilla Firefox and have placed a check on block popups., I have also run in several occasions my Windows Security Essentials with no detection of viruses and my Malwarebytes Pro Anti-Malware program with some detection of malware which my PC automatically either blocks it or places it in Quarantine. I seem to have exhausted avenues to further pursue the issue pop ups and was wondering if you could kindly guide me in the right direction to further solve this problem. There probably may be infected viruses in my system that may be causing this which MSE or Malwarebytes Pro is not able to remove but do not know.

↧

ywnmon32 removal help requested

July 12, 2014, 12:59 pm

≫ Next: PUP Virus

≪ Previous: POP UP Removals

Hello All,

My laptop has been infected with the ywnmon32 malware...

Your assistance in removing this is appreciated.

My system particulars:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A8-3500M APU with Radeon(tm) HD Graphics, AMD64 Family 18 Model 1 Stepping 0
Processor Count: 4
RAM: 7658 Mb
Graphics Card: AMD Radeon(TM) HD 6620G, 512 Mb
Hard Drives: C: Total - 592813 MB, Free - 475515 MB; D: Total - 17361 MB, Free - 1891 MB; F: Total - 99 MB, Free - 89 MB;
Motherboard: Hewlett-Packard, 358B
Antivirus: Microsoft Security Essentials, Updated and Enabled

↧

PUP Virus

July 12, 2014, 4:10 pm

≫ Next: Please Help Im pretty sure I have a sneaky malware/spyware/trojan/ something.

≪ Previous: ywnmon32 removal help requested

Download the following on your spare PC and save to USB flash drive, transfer to sick PC and run. Post logs for me to see...

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/down...scanner/dl/62/ and run it on the computer with the issue.
Make sure the following options are checked: