Channel: Tech Support Guy - Virus & Other Malware Removal
Viewing all 4746 articles

Explorer Not Responding

Quote:

Hope this helps
Incomplete and missing logs do not help.

What I need back from you:
Post each COMPLETE LOG separately.
Contents of DDS.txt
Contents of Attach.txt
Contents of OTL.txt
Contents of Extras.txt

These logs will be on your desktop. Post all of them.

help with greatly slowed down lenovo think centre

I have a lenovo think centre g2020 with an intel pentium processor 2.90 ghz
it has a 2 gb memory

I have read some of the postings and it looks like running hijack this and posting a log file is usually the first thing you smart ones have us lost souls do first. So here's my log file. Help, please.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:05 AM, on 9/4/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\PENTAX\MediaImpression\PhotoJourni\PhotoJourni.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13-comm.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C16DF673FCE3ED7524A4C6A0A71EBB86] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2463136246-3131387353-3615597624-1000\..\Run: [GoogleChromeAutoLaunch_AD2529C7DB5B63D28C23362385276129] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window (User 'Alex')
O4 - S-1-5-21-2463136246-3131387353-3615597624-1000 Startup: Dropbox.lnk = Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Alex')
O4 - S-1-5-21-2463136246-3131387353-3615597624-1000 User Startup: Dropbox.lnk = Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Alex')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Password Manager\tvtpwm_ie_com.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skdaemon Service (Sks8821) - Unknown owner - C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 15552 bytes

Help to remove adware

has that cured it or are you still having problems
If there are problems, which browser is having the problems

Frustrated with my HP

When you get a chance, please tell me how it's running for you.

Computer freezes on and off

Hello Kittysfriend123, welcome to Tech Support Guy's Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)

======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.
  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.

======================================================

Please run the following diagnostic scans so I can ascertain the state of your computer.

STEP 1
Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply.

STEP 2
TDSSKiller Scan
  • Please download TDSSKiller and save the file to your desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • FRST.txt
  • Addition.txt
  • TDSSKiller log

Weird Scan from MBAM Rootkit Scan

Hello rchin,

False-positives concerning forged physical sectors are not common.

If you have not done so already, I suggest you contact your helper at Bleeping Computer and ask for your topic to be re-opened. It would make more sense to continue with your topic at BC.

Slow running laptop

Hello GaryQ,

Please read the following topic, and run the tool requested. We can begin once you have posted the log from SysInfo.

help computer needs cleaned

I need to get rid of some stuff using hijack, don't want to remove the wrong thing, I have pup virus, adware. Please help.

Do I have malware?

Hello Postviceman, welcome to Tech Support Guy's Malware Removal forum!

My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)

======================================================

Please read through the points below to ensure this process moves as quickly and efficiently as possible.
  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation & providing the best set of instructions for you.
  • Please backup important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.

======================================================

Please run the following diagnostic scans so I can ascertain the state of your computer.

STEP 1
Farbar Recovery Scan Tool (FRST) Scan
  • Please download Farbar Recovery Scan Tool (x64) and save the file to your desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your desktop. Copy the contents of both logs and paste in your next reply.

STEP 2
TDSSKiller Scan
  • Please download TDSSKiller and save the file to your desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Copy the contents of the log and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • FRST.txt
  • Addition.txt
  • TDSSKiller log

Vaudex? Virus

Help. :eek: Need help removing Vaudix virus. Can some one please advise. Thanks. :o

Computer crashing during login, strange icon

Hello,

Here is the SysInfo text:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 12265 Mb
Graphics Card: NVIDIA GeForce GTX 560M, 1536 Mb
Hard Drives: C: Total - 476737 MB, Free - 172659 MB;
Motherboard: CLEVO, P150HMx
Antivirus: avast! Antivirus, Updated and Enabled

I recently noticed that during login to Windows I am prompted to choose a profile, which has never happened before as I am the only person who uses this computer and it generally directly prompts me for my password. Sometimes, there is a strange flower-like icon on my profile picture, which has not appeared in the past. More alarmingly, sometimes the computer would freeze indefinitely during/after login and only a hard reboot would fix that. I think I have a virus because I also get random popups at erratic times.

I ran Avast! and Malwarebytes, but they didn't pick up anything. I was wondering if you could advise on whether or not my machine is infected, and how I can remove the infection.

Thanks in advance!

Unidentified Malware?

M...LOCKER/Personal file is this a virus

I finally had the time to go through the results from the scan for all the McAfee remnants, so here is the fix to remove them. No rush to do this, just post back when you have the time.

We are now going to run FRST in a different way.
  • IMPORTANT---> First download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.
  • Launch FRST by double clicking on it. DO NOT click on the Scan button or check any of the boxes.
  • You may see a message that an update is installing, if so the program will close when the update completes, you will then need to double click on FRST to open it again.
  • When the FRST window opens click on the Fix button just once and wait.
  • You will see a message confirming the fix has been run and the log saved, click on OK and the Fixlog will open. Copy & Paste the full log into your next reply.

NOTE: This fix has been written specifically for the PC being dealt with in this thread, if you run it on another system it may have undesirable consequences. If you have a similar problem, ask for help by opening a new thread in the appropriate forum.

Attached Files
File Type: txt fixlist.txt (12.8 KB)

Paypal redirect

Hello,

After carrying out the following steps, please continue to monitor your computer. Let me know if there are any outstanding issues.

Did you download these files?
  • C:\Users\kong\Downloads\regkey(1).dat
  • C:\Users\kong\Downloads\regkey.dat

STEP 1
Farbar Recovery Scan Tool (FRST) Script
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document (do not include the word "Quote").
    Quote:

    start
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2310712128-3025305822-2379216768-1001\...\MountPoints2: {d7783508-2958-11e4-825c-9cd21e61abe3} - "C:\Windows\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL H:\start.exe
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    Hosts:
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
VirusTotal Upload
  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:

    • C:\ProgramData\kmytnfun.aqy

  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply.
  • Please do the same for the files below:

    • C:\Users\kong\AppData\Roaming\sp_data.sys

STEP 3
Junkware Removal Tool (JRT)
  • Please download Junkware Removal Tool and save the file to your desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated files/folders prior to running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted.
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • Did you download the files?
  • Fixlog.txt
  • VirusTotal results
  • JRT.txt
  • Are there any outstanding issues?

Virus - Christina's ultimate dieting?

Please run this program below and post the log:

Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.

NOTE: If for any reason the report does not appear, open Windows Explorer and click on the C: drive in the left pane, in the right pane you should find a new folder called Adwcleaner, double click on it and you will see the saved logs. Find the log that has a number in brackets starting with an S NOT R, similar to this: Adwcleaner[S1], double click on the one with the highest number and the log will open, Copy & Paste it into your reply.


Adware Removal,popups,redirects,etc.

Put
AdwCleaner
Malwarebytes Anti-Malware
SUPERAntiSpyware
to use.
They're all free and do a good job of finding and removing malware, spyware, rogues, hijackers, adware tracers, etc..

The first one is downloaded and saved and run from the desktop.
The second and third ones have to be downloaded and saved and then installed.
Make sure to update their definition files before doing a threat scan/quick scan with them.

I recommend putting them to use at least once a week.

----------------------------------------------------------

Computer slow, flash program freezes videos.

Some videos won't play at all; others freeze/pause very frequently. FYI, I'm an old guy who came to computing late in life. I'm not stupid, just don't know a lot about computers. I will do my best to follow your instructions.

Thanks, Boyd Bilbo.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4043 Mb
Graphics Card: Intel(R) HD Graphics Family, 1797 Mb
Hard Drives: C: Total - 584792 MB, Free - 461338 MB; D: Total - 21422 MB, Free - 2278 MB; E: Total - 4055 MB, Free - 10 MB;
Motherboard: Hewlett-Packard, 1695
Antivirus: avast! Antivirus, Updated and Enabled

need to get rid of internet security

Pop up internet security, can't find it on my computer to get rid of this

Cryptowall

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz, Intel64 Family 6 Model 30 Stepping 5
Processor Count: 8
RAM: 8151 Mb
Graphics Card: NVIDIA GeForce GTS 240, 1024 Mb
Hard Drives: C: Total - 700363 MB, Free - 640677 MB;
Motherboard: Dell Inc., 0T568R
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

I have read the other one on this same problem but it appears to have been locked. I want to try that https://www.decryptcryptolocker.com/ but you need a copy of an encrypted file to use it. How do I get that?



0C36E0D53429A582AFAF142FB04C37C7

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)


What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.


How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.


What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.


For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://kpai7ycr7jxqkilp.onion.lt/e3Ld
2.https://kpai7ycr7jxqkilp.tor4life.com/e3Ld
3.https://kpai7ycr7jxqkilp.way2tor.com/e3Ld

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: kpai7ycr7jxqkilp.onion/e3Ld
4.Follow the instructions on the site.


IMPORTANT INFORMATION:
Your personal page: https://kpai7ycr7jxqkilp.onion.lt/e3Ld
Your personal page (using TOR): kpai7ycr7jxqkilp.onion/e3Ld
Your personal identification number (if you open the site (or TOR 's) directly): e3Ld

Adware, malware, browser, polyps,etc.

Adware Removal,popups,redirects,etc.
I am using an Asus X552E
AMD dual core E1-2100 1.0ghz
4 GB, 500 GB HDD
Windows 8.1
Browsers: Internet Explorer,Chrome, FireFox

I have a malicious attack when web browsing, ads are popping up every time I click on a page, text, link, etc.
Sometimes 4-5 new pages popup after clicking on my original page, redirecting to "spam sites."

I tried spybot, stinger, windows defender, norton and nothing is able to find where this is coming from. "It only happens when web browsing" on all three browsers mentioned above.

Does anyone know of any free software that can remove this adware/malware?
And really need a free software to clean deleted files as I have learned that they can still be there, any help with this matter is appreciated. I'm a student and currently unable to do proper research because of all the popups and redirecting.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD E1-2100 APU with Radeon(TM) HD Graphics, AMD64 Family 22 Model 0 Stepping 1
Processor Count: 2
RAM: 3524 Mb
Graphics Card: AMD Radeon HD 8210, 512 Mb
Hard Drives: C: Total - 190423 MB, Free - 136077 MB; D: Total - 264546 MB, Free - 98396 MB;
Motherboard: ASUSTeK COMPUTER INC., X550EA
Antivirus: Windows Defender, Disabled