
Websearch. Searchnewtab, keyword Hijacker. false emails, IE won't work


  • This topic is locked
34 replies to this topic

#16 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 16 January 2014 - 09:16 AM

Hi NoNo,

Go back to my previous post and run the Microsoft Fix-It, reboot and attempt to get Windows updates.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.



#17 NoNo

NoNo

    Authentic Member

  • 108 posts

Posted 16 January 2014 - 05:33 PM

Ok I tried the Fix It. It gave me the same results and so did Windows Update when I ran it. There are 2 things that happened.

1. When I rebooted, there was a red X on the Microsoft Security Essentials icon. It said that real-time protection was turned off, which I had not done. When I looked, there was a check mark, so it wasn't turned off. It just said it was. It's never done this. It was working good a minute later (or it looks like it's working good).

2. On the web Result Report for Fix It, under Issues Found and Issues Checked, when I clicked the arrow down to read more info, there were 8 weird symbols/emoticons covering the beginning of each issue found/checked:

-smiley face w/ a black box covering bottom half of it
-black circle
-security badge
-a present
-an i w/ a circle around it
-black circle
-a present
-a security badge

 

Ok now what?

 

Thank you,

NoNo


Edited by NoNo, 16 January 2014 - 05:34 PM.


#18 OCD


Posted 16 January 2014 - 10:08 PM

Hi NoNo,

Let's ensure we have gotten all the malware removed, then we will refocus on the remaining issues.

Malwarebytes' Anti-Malware

  • Locate Malwarebytes' Anti-Malware (it should be on your desktop). If not, download it here.
    • Windows XP: Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================


ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running?

OCD



#19 NoNo


Posted 19 January 2014 - 12:59 AM

Hi- The computer is running a little slower. When I'm online, it's very very very slow for pages to load. In the last few days, a box comes up and says explorer has stopped responding and must shut down. This has happened probably 8 times.

The logs are below.

 

MBAM log: 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.17.01
 
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
gogo :: GOGO [administrator]
 
1/16/2014 10:22:10 PM
mbam-log-2014-01-16 (22-22-10).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270352
Time elapsed: 9 minute(s), 5 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Program Files\SearchNewTab (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
 
Files Detected: 8
C:\ProgramData\InstallMate\{0D7E492F-FAFE-4B16-A9FD-B2DCD69D6BD9}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{83AC8764-0B54-4B28-A9C3-4376584FA592}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\Program Files\SearchNewTab\nS.tlb (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchNewTab\nS.dat (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchNewTab\nS.x64.dll (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchNewTab\u3WjCHYv.dat (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchNewTab\u3WjCHYv.tlb (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
C:\Program Files\SearchNewTab\u3WjCHYv.x64.dll (PUP.Optional.SearchNewTab.A) -> Quarantined and deleted successfully.
 
(end)
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
ESET log:
C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\G_hjatRGNdYa.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmodnijfgmhdmlkekdlaepjnkgjojfpa\1.0\Pp8H.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\AkqU_H.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadacbooohdmfjnificblknbmebopbjn\1.0\bemvUOIVaW.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\AkqU_H.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\d81cayud2k@hccw.co.uk\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\ewn.4uoaa@gaeflcf-.co.uk\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\kei7xsml@mukic.com\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\vtn-uyeo@viq-i.com\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Users\gogo\Desktop\Security\backups\backup-20131206-012817-254.dll a variant of Win32/AdWare.MultiPlug.N application
C:\Users\gogo\Desktop\Security\backups\backup-20131206-012817-874.dll a variant of Win32/AdWare.MultiPlug.N application
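
As an added example (not part of the original thread and not code from ESET or ComboFix): a short Python triage of the ESET log in post #19 that separates entries already sitting in ComboFix's quarantine (`C:\Qoobox\Quarantine\...` with a `.vir` suffix) from detections on files still in place. The field layout and the mapping from quarantine path back to original location are assumptions inferred from the lines posted above.

```python
import re

# Five of the eleven entries from the ESET log posted above, copied verbatim.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Daisy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldgbplljnchkkppbfhbcknbpbbdcii\1.3\G_hjatRGNdYa.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\gogo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njnklmjlkbkemohmohhbfdlhedfokfin\1.3\AkqU_H.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\gogo\AppData\Roaming\Mozilla\Firefox\Profiles\1qnmbpub.default\extensions\staged\d81cayud2k@hccw.co.uk\content\bg.js.vir Win32/Adware.MultiPlug.H application
C:\Users\gogo\Desktop\Security\backups\backup-20131206-012817-254.dll a variant of Win32/AdWare.MultiPlug.N application
C:\Users\gogo\Desktop\Security\backups\backup-20131206-012817-874.dll a variant of Win32/AdWare.MultiPlug.N application
"""

# Assumed layout: <path> [a variant of] <Platform/Name> <type>.
# Paths contain spaces ("User Data"), so the detection name anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\w+)\s*$"
)
# Assumed ComboFix quarantine layout: C:\Qoobox\Quarantine\<drive>\<path>.vir
QUARANTINE_RE = re.compile(
    r"^[A-Za-z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Za-z])\\(?P<rest>.+)\.vir$",
    re.IGNORECASE,
)
PROFILE_RE = re.compile(r"\\Users\\([^\\]+)\\", re.IGNORECASE)


def parse_line(line):
    """Return a finding dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    q = QUARANTINE_RE.match(path)
    original = f"{q.group('drive').upper()}:\\{q.group('rest')}" if q else path
    parts = m.group("name").split("/", 1)[1].split(".")
    profile = PROFILE_RE.search(original)
    lowered = original.lower()
    if "\\google\\chrome\\" in lowered:
        browser = "Chrome"
    elif "\\mozilla\\firefox\\" in lowered:
        browser = "Firefox"
    else:
        browser = None
    return {
        "path": path,
        "original": original,  # where the file lived before quarantine
        "detection": m.group("name"),
        "family": parts[1] if len(parts) > 1 else parts[0],
        "variant": m.group("variant") is not None,
        "kind": m.group("kind"),
        "state": "quarantined" if q else "live",
        "profile": profile.group(1) if profile else None,
        "browser": browser,
    }


def triage(log_text):
    """Split a log into parsed findings and lines that could not be parsed."""
    findings, unparsed = [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        finding = parse_line(raw)
        if finding:
            findings.append(finding)
        else:
            unparsed.append(raw.strip())
    return findings, unparsed


def live_items(findings):
    """Paths of detections that are not inside the quarantine folder."""
    return [f["path"] for f in findings if f["state"] == "live"]


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_LOG)
    for f in found:
        print(f["state"], f["family"], f["profile"], f["browser"], f["original"])
    print("still on disk:", live_items(found))
```

On the excerpt, the three browser-extension hits resolve to files already neutralised under `C:\Qoobox`, while the two `backup-*.dll` files under `Desktop\Security\backups` are the only detections outside the quarantine folder.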
 


#20 OCD


Posted 19 January 2014 - 01:09 AM

Hi NoNo,

Disk Defragmenter for Vista

  • Open Disk Defragmenter by clicking the Start button, > All Programs, > Accessories, > System Tools and then clicking Disk Defragmenter.
  • If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click Defragment Now.

Disk Defragmenter might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of your hard disk. You can still use your computer during the defragmentation process.

Tutorial: http://windows.micro...-your-hard-disk

=========================

Reboot

=========================

ComboFix

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:
    • ComboFix.txt

OCD



#21 NoNo


Posted 22 January 2014 - 12:29 AM

Hi - Sorry I haven't gotten back to you in a few days. I will do these scans tonight and tomorrow. Thanks for your patience.

 

-NoNo



#22 OCD


Posted 22 January 2014 - 08:50 PM

:thumbup:


OCD



#23 NoNo


Posted 23 January 2014 - 08:55 PM

Hi - ok I could not defrag. It ran all night. But I don't think it was working. The little blue circle just kept circling.

The Combofix log is below.

 

ComboFix 14-01-23.02 - gogo 01/23/2014  18:38:43.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3002.1776 [GMT -8:00]
Running from: c:\users\gogo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-24 to 2014-01-24  )))))))))))))))))))))))))))))))
.
.
2014-01-24 02:47 . 2014-01-24 02:48 -------- d-----w- c:\users\gogo\AppData\Local\temp
2014-01-24 02:47 . 2014-01-24 02:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-24 02:47 . 2014-01-24 02:47 -------- d-----w- c:\users\Kids\AppData\Local\temp
2014-01-24 02:47 . 2014-01-24 02:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-24 02:47 . 2014-01-24 02:47 -------- d-----w- c:\users\Daisy\AppData\Local\temp
2014-01-24 01:37 . 2013-10-22 04:38 719224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C35CD68-A0A5-41DF-AC2C-4D194CB6D41D}\gapaengine.dll
2014-01-24 01:33 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33BC3EBA-CFA6-4893-AFA4-A10042D9A669}\mpengine.dll
2014-01-22 06:26 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-17 06:18 . 2014-01-17 06:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-17 06:18 . 2013-04-04 22:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-08 15:51 . 2014-01-08 15:58 -------- d-----w- C:\AdwCleaner
2014-01-08 15:46 . 2014-01-08 15:46 -------- d-----w- C:\_OTL
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2014-01-04 01:20 . 2014-01-04 01:20 -------- d-----w- c:\program files\ESET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:32 . 2009-10-02 17:19 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\gogo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Daisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\users\Kids\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\gogo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DFX.lnk
backup=c:\windows\pss\DFX.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^gogo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\gogo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 05:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-09-30 23:56 972080 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]
2009-08-05 17:36 1596096 ----a-w- c:\program files\LTCM Client\ltcmClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 21:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 16:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-20 16:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-11-15 05:02 218408 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ   wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ   WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-17 04:04 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 18:15]
.
2014-01-24 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-14 21:08]
.
2014-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 18:19]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-31 18:19]
.
2013-08-14 c:\windows\Tasks\HPCeeScheduleForKids.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
.
2014-01-08 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-14 21:07]
.
2013-05-14 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-14 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = 
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-23 18:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-01-23  18:51:09
ComboFix-quarantined-files.txt  2014-01-24 02:51
ComboFix2.txt  2014-01-12 00:11
ComboFix3.txt  2013-08-13 05:53
.
Pre-Run: 155,582,550,016 bytes free
Post-Run: 154,812,579,840 bytes free
.
- - End Of File - - 43443F4ED7A9E36618F9C713D0AF8AC9
588AE8F0C685C02BA11F30D9CD7E61A0


#24 OCD


Posted 23 January 2014 - 09:51 PM

Hi NoNo,

Chkdsk in Vista/7

You must run the command prompt as an administrator or in an "elevated mode".
  • Start menu, in the search bar type "cmd"
  • Right-click the cmd icon, select "run as administrator"
    • If you have user account control (UAC) set up it may prompt you to accept that action.
  • Then type in "chkdsk /r" (make note of the space between chkdsk and /)
=========================

Auslogics Disk Defrag Free
  • Download here
  • Install and run
  • Post back after you have completed
=========================

In your next post please provide the following:
  • Update on status

OCD



#25 OCD


Posted 27 January 2014 - 08:38 AM

Hi NoNo,

Just checking in to see if you still need help?
OCD



#26 NoNo


Posted 29 January 2014 - 05:11 PM

Hi my internet connection is down and haven't been able to get a connection for the past few days. I'm using a friend to contact you.

I ran check disc and did a defrag. I can't send you the results at this time.

I will send you the results as soon as I can get back on line. I can get messages but I will need to get them from a friend's computer for now. I don't want to start over if possible.

 

nono



#27 OCD


Posted 29 January 2014 - 09:26 PM

Hi NoNo,

 

No worries, I will leave the thread open until I hear back from you. :thumbup:


OCD



#28 OCD


Posted 07 February 2014 - 09:47 AM

Hi NoNo,

It's been 7 days. Are you ready to move forward yet, or do you expect an extended delay?
OCD



#29 NoNo


Posted 09 February 2014 - 01:14 AM

Hi- :adios:

woohoo! have connection again!  :banana:  I feel like it's been a month or two! lol

I'm ready!



#30 OCD


Posted 09 February 2014 - 01:20 AM

Hi NoNo,

OK great news! Please go back to post # 24 and complete those steps.


OCD
