Please help me pum.desktopicons detected

January 8, 2015, 9:01 am

Hello and thank you in advance for helping me out. I am not sure how did pum.desktopicons is inside my computer. My desktop start to have a folder called Really which have the same name as my user name and when I double click it, it take me into my user folder were i can access my user folders like my music, picture and ect. So, I did a scan on my computer with the Rogue killer and it found 4 pum.desktopicons. After that I delete the Really folder. However, when i restart my computer it reaper back on my desktop. So, i press the windoes key + r and type in regedit and i remove it manual. However, when i restart my come the folder is still there. So, i did a test if i delete the folder on the desktop will make pum.desktopicons reaper and it did. So, i have no idea to remove it totally. I hope it is not a very bad problem. Please help me.

I am running windows 8.1
Model: ASUS DEsktop PC P30AD Series
Processor: Intel(R) Pentium(R) CPU G3220 @3.00Hz
Installed memory(RAM) 2.00GB
System type: 64-bit Operating Systemx64-based processor

Rogue killer Log

RogueKiller V10.1.2.0 (x64) [Jan 7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Really [Administrator]
Mode : Scan -- Date : 01/09/2015 00:55:53

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-378246313-1869054999-2515165714-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\Cl assicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-378246313-1869054999-2515165714-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\Cl assicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-378246313-1869054999-2515165714-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\Ne wStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-378246313-1869054999-2515165714-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\Ne wStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] 78bb7d906d2a1893899ac13b7802f37a
[BSP] 699721c9ef70e2fa19d44f2162939d4a : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_01082015_141201.log - RKreport_DEL_01082015_141207.log - RKreport_DEL_01082015_141208.log - RKreport_DEL_01082015_141232.log
RKreport_DEL_01082015_141602.log - RKreport_DEL_01082015_141610.log - RKreport_DEL_01082015_141816.log - RKreport_DEL_01082015_141826.log
RKreport_DEL_01082015_164357.log - RKreport_DEL_01082015_223322.log - RKreport_SCN_01082015_141122.log - RKreport_SCN_01082015_141520.log
RKreport_SCN_01082015_141748.log - RKreport_SCN_01082015_141954.log - RKreport_SCN_01082015_164204.log - RKreport_SCN_01082015_220037.log
RKreport_SCN_01082015_230015.log - RKreport_SCN_01082015_230931.log - RKreport_SCN_01092015_003957.log

↧

I seem to have caught a malware

January 8, 2015, 9:28 am

≫ Next: unstoppable popups

≪ Previous: Please help me pum.desktopicons detected

Iv run a Lavasoft Antivirus run as well as numerous Spyware cleaners and none of them seem to recognize anything wrong or any infected files. Lavasoft identified 4 files the first time, and promptly cleaned them, but the problem still persists. Thank you for your help in advance.

Ilya

↧

unstoppable popups

January 8, 2015, 7:13 pm

≫ Next: Can Someone Please help Me

≪ Previous: I seem to have caught a malware

I am having popup issues again!
I've tried removing the latest installed programs but it's still causing popups in Mozilla & IE.Please help me.
I have JRT & OTL & FSRT installed from the last time you assisted me in cleaning my pc.

↧

Can Someone Please help Me

January 9, 2015, 1:08 am

≫ Next: Laptop extremely slow and redirects

≪ Previous: unstoppable popups

i had a Anti Virus Software from my ISP.I decided to get rid of it but for some reason I couldn't get it to uninstall using an online removal tool or Win ADD/Remove program I finally used a program to uninstall it but it still shows up in the Task bar even though it's not in the Win ADD/Removal window.
Now I got Microsoft Security Essentials but when I go to update my virus definitions it wont update it says the virus update couldn't complete because of a internet or connectivity problem.Can someone please help me to fix this?Thanks.

↧

Laptop extremely slow and redirects

January 9, 2015, 4:02 am

≫ Next: How to stop automatically opening web pages?

≪ Previous: Can Someone Please help Me

This is the attachment.

Attached Files

FixList.txt (5.8 KB)

↧

How to stop automatically opening web pages?

January 9, 2015, 4:43 am

≫ Next: Internet stopped working after removing malware

≪ Previous: Laptop extremely slow and redirects

Help me out.
I have scanned and cleaned my PC with AdwCleaner.
and the log is as below:

# AdwCleaner v4.107 - Report created 09/01/2015 at 18:04:37
# Updated 07/01/2015 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : skull - SKULL-PC
# Running from : C:\Users\skull\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IePluginServices
[#] Service Deleted : Wajam Internet Enhancer Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\cosstminn
Folder Deleted : C:\ProgramData\e250b2547481f994
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\cosstminn
Folder Deleted : C:\Program Files (x86)\ver4BlockAndSurf
Folder Deleted : C:\Users\skull\AppData\Local\Temp\Klip Pal
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\skull\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\skull\AppData\Local\onlysearch
Folder Deleted : C:\Users\skull\AppData\Local\torch
Folder Deleted : C:\Users\skull\AppData\Local\PriceFountain
Folder Deleted : C:\Users\skull\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\skull\AppData\Roaming\SimpleFiles
Folder Deleted : C:\Users\skull\AppData\Roaming\sweet-page
Folder Deleted : C:\Users\skull\AppData\Roaming\RHEng
Folder Deleted : C:\Users\skull\AppData\Roaming\PriceFountain
File Deleted : C:\Users\skull\AppData\Roaming\Mozilla\Firefox\Profiles\10m4nbrs.default-1410951707145\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup
Task Deleted : Update Service SimpleFiles
Task Deleted : Price Fountain
Task Deleted : couponsupport-S-649636217

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService s
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerPr otect
Key Deleted : HKCU\Software\Classes\keepmysearch
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ConvertAd]
Key Deleted : HKLM\SOFTWARE\Classes\cosstminn.cosstminn
Key Deleted : HKLM\SOFTWARE\Classes\cosstminn.cosstminn.2.0
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-649636217
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{407035B2-E071-DAA9-1A1A-B639AF6D426B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{407035B2-E071-DAA9-1A1A-B639AF6D426B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{407035B2-E071-DAA9-1A1A-B639AF6D426B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\SimpleFiles
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\SmdmF
Key Deleted : HKLM\SOFTWARE\sweet-pageSoftware
Key Deleted : HKLM\SOFTWARE\Wajam

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v32.0 (x86 en-US)

-\\ Comodo Dragon v

*************************

AdwCleaner[R0].txt - [5468 octets] - [09/01/2015 18:03:32]
AdwCleaner[S0].txt - [4801 octets] - [09/01/2015 18:04:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4861 octets] ##########

Now what I have to do.
please help.
Thank you

↧

Internet stopped working after removing malware

January 9, 2015, 6:52 am

≫ Next: Unstable computer...can't get antivirus to scan

≪ Previous: How to stop automatically opening web pages?

Hi everyone,

I installed the malware Vosteran search somehow. I use Chrome as browser for both my work computer and personal computer. I first spotted the malware at work as it showed up in Chrome, so I downloaded Adwcleaner and removed all the infected files. Restarted and it appeared OK.

Then later that day I found the same problem in Chrome on my personal computer at home (I always signed in for Google so all info in Chrome was shared). So I did the same thing, used Adwcleaner, removed malware and restarted. Only this time, after restarting, my internet won't work, I couldn't browse internet (not IE either), cannot get on Hangout in Chrome. But wifi showed it was connected perfectly.

IE gave me a detail error message saying one or more internet protocol may be missing

The next day I went to work and my work computer had no problem at all. I could get on internet as usual.

I tried the ipconfig\all and it didn't work. Tried ping test and no response. Finally I tried restoring system and it was not successful due to that "C drive might be corrupted". My work computer is Window 7 and my personal computer is Windows 8.1

Could someone help me with this issue? Thank you so so so much!!!

↧

Unstable computer...can't get antivirus to scan

January 9, 2015, 10:50 am

≫ Next: Very Sluggish, Avast constantly throwing up threat detected messages

≪ Previous: Internet stopped working after removing malware

Thanks for the quick reply Kevin. Here is the log:

ComboFix 15-01-08.01 - Owner 01/09/2015 13:23:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1314 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Owner\LOCALS~1\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
c:\documents and settings\All Users\Application Data\1397145167.bdinstall.bin
c:\documents and settings\All Users\Application Data\1397145766.176.bin
c:\documents and settings\All Users\Application Data\1397145766.2572.bin
c:\documents and settings\All Users\Application Data\1397145766.3248.bin
c:\documents and settings\All Users\Application Data\1397147353.bdinstall.bin
c:\documents and settings\All Users\Application Data\1420655633.bdinstall.bin
c:\documents and settings\All Users\Application Data\1420655641.1944.bin
c:\documents and settings\All Users\Application Data\1420655641.3432.bin
c:\documents and settings\All Users\Application Data\1420655641.3444.bin
c:\documents and settings\All Users\Application Data\1420655641.4024.bin
c:\documents and settings\All Users\Application Data\1420655724.bdinstall.bin
c:\documents and settings\All Users\Application Data\1420655729.bdinstall.bin
c:\documents and settings\All Users\Application Data\1420656733.bdinstall.bin
c:\documents and settings\All Users\Application Data\1420751364.bdinstall.bin
c:\documents and settings\All Users\Application Data\1420751371.bdinstall.bin
c:\documents and settings\Owner\Application Data\FileDrTool.log
c:\documents and settings\Owner\Local Settings\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1\dbdata11.dll
c:\documents and settings\Owner\My Documents\DGRF9.tmp
c:\documents and settings\Owner\WINDOWS
C:\SETUP.EXE
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\SET4C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2014-12-09 to 2015-01-09 )))))))))))))))))))))))))))))))
.
.
2015-01-08 16:54 . 2015-01-08 16:54 -------- d-----w- c:\documents and settings\Owner\Application Data\AVAST Software
2015-01-08 16:54 . 2015-01-08 16:54 -------- d-----w- c:\windows\jumpshot.com
2015-01-08 16:52 . 2015-01-08 16:52 43152 ----a-w- c:\windows\avastSS.scr
2015-01-08 16:50 . 2015-01-08 16:50 -------- d-----w- c:\program files\Antivirus
2015-01-07 19:48 . 2015-01-07 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG2015
2015-01-07 19:47 . 2015-01-07 19:47 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2015
2015-01-07 19:44 . 2015-01-07 19:44 -------- d-----w- c:\documents and settings\Owner\Application Data\TuneUp Software
2015-01-07 19:33 . 2015-01-08 21:19 -------- d-----w- C:\$AVG
2015-01-07 19:33 . 2015-01-08 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2015
2015-01-07 19:22 . 2015-01-07 21:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Avg2015
2015-01-07 19:22 . 2015-01-08 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2015-01-07 19:22 . 2015-01-07 19:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\MFAData
2015-01-07 18:59 . 2009-07-15 04:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2015-01-07 18:54 . 2015-01-08 21:10 -------- d-----w- c:\program files\Bitdefender
2014-12-16 20:25 . 2014-12-16 20:25 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-09 21:54 . 2012-10-24 15:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-09 21:54 . 2012-10-24 15:42 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-09 02:25 . 2014-12-09 02:25 192792 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2014-11-19 09:31 . 2014-11-19 09:31 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-19 02:41 . 2014-11-19 02:41 154904 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\documents and settings\Owner\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2014-11-13 7475200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2009-01-09 114688]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-01-16 3774776]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1122304]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-1-17 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-6 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Intuit Data Protect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
backup=c:\windows\pss\Intuit Data Protect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
backup=c:\windows\pss\QuickBooks_Standard_21.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
2003-05-08 16:34 69632 ----a-w- c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 15:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 15:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 19:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2014-01-16 14:59 3774776 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2005-03-17 19:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
2003-11-20 23:01 525824 ----a-w- c:\program files\COMPAQ\SetRefresh\SetRefresh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 09:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Brother\\Brmfl08i\\FAXRX.exe"=
"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2013\\QBDBMgrN.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2013\\QBW32.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2013\\DBManagerExe.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2013\\FileManagement.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe"=
"c:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBLaunch.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner
.
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [7/30/2008 2:23 PM 161064]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [11/26/2012 10:22 AM 1248256]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [6/5/2014 3:25 PM 4799760]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 21:54]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 16:53]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 16:53]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 12:43]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2052111302-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 12:43]
.
2015-01-09 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2014-12-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} - hxxp://10.1.10.100/WebClient.exe
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-VERIZONDM - c:\program files\VERIZONDM\bin\sprtcmd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-09 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_ 0_0_246_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.e xe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3668)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\TeamViewer\Version9\TeamViewer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\TeamViewer\Version9\tv_w32.exe
.
**************************************************************************
.
Completion time: 2015-01-09 13:43:45 - machine was rebooted
ComboFix-quarantined-files.txt 2015-01-09 18:43
.
Pre-Run: 115,526,987,776 bytes free
Post-Run: 116,204,167,168 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4BC35EEDE19DA3327A5CED56018E3F3A
5F8B5082F3482CC06B72EC5806598AE9

↧

Very Sluggish, Avast constantly throwing up threat detected messages

January 9, 2015, 11:16 am

≫ Next: HELP I have this IPH.TROJAN.CLICKER.W7 on my laptop

≪ Previous: Unstable computer...can't get antivirus to scan

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 3943 Mb
Graphics Card: Intel(R) HD Graphics Family, 1843 Mb
Hard Drives: C: Total - 465583 MB, Free - 377606 MB;
Motherboard: Sony Corporation, VAIO
Antivirus: avast! Antivirus, Updated and Enabled

Very unwieldy, have to tease it and mess with it to get it to open a webpage. Hangs up, freezes. Zoom comes on by itself and sticks and runs the view down to 10%, takes awhile and some trouble to get it unstuck.

↧

HELP I have this IPH.TROJAN.CLICKER.W7 on my laptop

January 9, 2015, 12:43 pm

≫ Next: Missing extension?

≪ Previous: Very Sluggish, Avast constantly throwing up threat detected messages

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3932 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1838 Mb
Hard Drives: C: Total - 476837 MB, Free - 378091 MB;
Motherboard: Dell Inc., 0D176M
Antivirus: Panda Antivirus Pro 2015, Updated and Enabled

I have this IPH.TROJAN.CLICKER.W7 on my laptop Dell Windows 7, I need assistance to remove. I have been crashing & receiving the blue death screen & slow operating speed.

↧

Missing extension?

January 9, 2015, 5:02 pm

≫ Next: Windows 7 Updates are being disabled

≪ Previous: HELP I have this IPH.TROJAN.CLICKER.W7 on my laptop

So, I am assuming this problem is solved. Now if the windows update issue will be just as easy.

↧

Windows 7 Updates are being disabled

January 10, 2015, 9:17 am

≫ Next: Fake Google Chrome processes taxing computer

≪ Previous: Missing extension?

I'm marking this closed because this issue is being addressed in another thread.

↧

Fake Google Chrome processes taxing computer

January 10, 2015, 11:37 am

≫ Next: file not found

≪ Previous: Windows 7 Updates are being disabled

OK I can see the problem from those logs
This might fix it on the first run , but it is likely that we will have to use a special script on the next run to dela with it all

Delete any existing version of ComboFix you might already have sitting on your desktop or in downloads folder

Please read and follow all these instructions very carefully

Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Hereto your Desktop or your downloads folder.

**Note: It is important that it is saved directly to your desktop or downloads folder and run from either the desktop or the downloads folder and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again after combofix has finished

--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running

Double click on combofix.exe & follow the prompts.

If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

↧

file not found

January 10, 2015, 12:18 pm

≫ Next: Update Google chrome virus/malware

≪ Previous: Fake Google Chrome processes taxing computer

trying to open my laptop and get error message file:///C:Program-1/common-1/syste/sysmen.dill how do i fix?

↧

Update Google chrome virus/malware

January 11, 2015, 9:08 am

≫ Next: How to remove themida

≪ Previous: file not found

TSG - SysInfo utility

Right mouse click on this link:SysInfo utility
Select from the pop up box:
"Save link as..."
From the left panel of the pop up box, scroll up and select desktop.
Click the "Save" button.

From your desktop:

Right Mouse click SysInfo.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
Right click, select copy and then paste in your next post.

↧

How to remove themida

January 11, 2015, 11:39 am

≫ Next: No adobe reader

≪ Previous: Update Google chrome virus/malware

I cant remove it from the control panel and i have tried scanning from programs but it wont leave please help. my hijackthis status is down here please help. :)
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:36:00 PM, on 1/11/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\owner\Downloads\HijackThis.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Isaver - {3B114BE4-867B-5F63-497A-2E992B76092E} - C:\ProgramData\Isaver\9rcgpWssEy.dll (file missing)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [RunIt] "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" about:newaddon?id={64d64833-9296-421b-a362-83cfbd6291b6}
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [HideOrb] C:\Program Files (x86)\Ultimate Windows Customizer\Tools\Hideit.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [File] "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\owner\Downloads\corePV12.jar"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Facebook Messenger.lnk = C:\Users\owner\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenge r.exe
O4 - Startup: Xfire2.bat
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3conver ter.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://*.hp.com
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab...ri_4.5.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13130 bytes

↧

No adobe reader

January 11, 2015, 11:43 am

≫ Next: have malware

≪ Previous: How to remove themida

press the blue reply button, then the manage attachment button

↧

have malware

January 11, 2015, 11:56 am

≫ Next: Trying to remove multiple malware/adware issues

≪ Previous: No adobe reader

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4047 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1799 Mb
Hard Drives: C: Total - 152269 MB, Free - 116692 MB;
Motherboard: Dell Inc., 0U692R
Antivirus: avast! Antivirus, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:36:35 AM, on 11/01/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\tinySpell\tinyspell.exe
C:\Program Files (x86)\Boost\Boost.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Comodo\Firewall\cpf.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\User\AppData\Roaming\Search Protection\SP.EXE
C:\Users\User\Downloads\JavaSetup8u25.com
C:\Users\User\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.search.yahoo.com/yhs/sear...F86BCF_s55_g_e
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Boost - {2299856A-6506-42E3-A34F-CD35A47C1B19} - C:\Program Files (x86)\Boost\Boost.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files (x86)\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Boost] C:\Program Files (x86)\Boost\Boost.exe
O4 - HKCU\..\Run: [Search Protection] "C:\Users\User\AppData\Roaming\Search Protection\SP.EXE" /autostart
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1420986554
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files (x86)\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{16F62934-1D49-42CE-8135-DF4CA6EC1FCD}: NameServer = 207.164.234.193 207.164.234.129
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e0 85d3cd5b474ba6\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files (x86)\Comodo\Firewall\cmdagent.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e0 85d3cd5b474ba6\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9935 bytes

↧

Trying to remove multiple malware/adware issues

January 11, 2015, 3:47 pm

≫ Next: Windows 8.1 crashes after log in

≪ Previous: have malware

I've attached a HijackThis log to this post.

Edit:
Additional information I forgot to include about the issue:
The programs keep adding extensions and homepages to the web browsers. I've reset all of them to default settings and removed scheduled tasks from all three browsers (Chrome, Firefox, IE), but they keep reverting to the pre-reset state.

Besides this, I think I've managed to remove the rest of the symptoms of the virus, as the computer is running much more smoothly than when I first got ahold of it and I'm not noticing any other signs of a virus elsewhere. I would really like to get it cleaned up completely though.

Attached Files

hijackthis.log (12.0 KB)

↧

Windows 8.1 crashes after log in

January 12, 2015, 7:41 am

≫ Next: IE and Mozilla not working - dl.exe problem?

≪ Previous: Trying to remove multiple malware/adware issues

let's try this; this is a can from Malware Expert Mark1956, and I'm asking him to swing by as well.

SCAN 1
Click on this link to download : ADWCleaner Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.

↧

Latest Images