Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Unknown infection and can't run FRST [Solved]

win 7 32 bit

  • This topic is locked This topic is locked
41 replies to this topic

#16 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 30 November 2014 - 11:26 AM

OK - going out for a while but will check in later.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#17 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 30 November 2014 - 06:39 PM

Alright Satchfan, I'm ready to tackle this again for a bit. What I can tell you is that somethings are much faster than they were and bootup is much slower. Lightroom still is malfunctioning in the Develop Module. All other programs are working as they should and a few of them are MUCH faster. I had to re-install Photoshop Elements 10 because I needed to use it. I had uninstalled it before we started working together.

 

Two specific bootup problems. CCleaner is asking to load and I am denying it. Is there a way to shut that off? Or, even better, is there a better clean up program that I can use instead? I took a quick look at your "doucmentation" about IObit, etc. and I would certainly trust your judgement. I have been using the IObit Advanced System Care since at least version 4 and I think removing it is why the system went back to a very old wallpaper (can only imagine how much change that meant under the hood of the system!).

 

The second bootup issue is that I get a very quick message that "DSD_3420 (not responding)" and then the small box delivering the message goes away. I have no idea what that i connected to. Do you?



#18 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 30 November 2014 - 07:22 PM

"For Intel video adapters, go to the Intel website. Tested video cards for Photoshop CC and CC 2014

Adobe tested the following video cards before the release of Photoshop CC and CC 2014. This document lists the video card by series. The minimum amount of VRAM supported on video cards for Photoshop CC and CC 2014 is 512 MB.

 

Adobe tested laptop and desktop versions of the following cards. Be sure to download the latest driver for your specific model (Laptop and desktop versions have slightly different names.)....Intel HD Graphics P3000"

 

The above is taken from this website:

 

http://helpx.adobe.c...aq1.html#Tested video cards for Photoshop CC and CC 2014

 

Now my graphics card is just listed as just INtel HD graphics 3000. I did find, on the Intel, a 32 and 64 bit update for my card.



#19 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 30 November 2014 - 09:06 PM

No, I don't think the Lightroom problem is hardware related because, just to test it myself, I just re-installed Lightroom 4 -- which worked perfectly until I installed LIghtroom 5! Again, after install, same problem in the Develop module



#20 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 02:15 AM

Lightroom still is malfunctioning in the Develop Module

That is not something I can help with as I know nothing about it or any of the graphics problems you’re having. When we finish up here I’ll give you a link to another of our forums where they should be able to help.
 

CCleaner is asking to load and I am denying it. Is there a way to shut that off?

You could disable it from starting or just uninstall it.
 

DSD_3420 (not responding)

That is a message relating to Dell System Detect which scans your computer for your service tag; this is to enable automatic detection of updates related to drivers, downloads & other recommended software.

It is unnecessary and your drivers don’t need to be updated unless you are having problems, in which case they can be updated manually. You can uninstall Dell System Detect via the Control panel in the usual way.


I think we’ll run some final scans and if all is well, we can tidy up and I’ll give you my security recommendations etc.


Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================
 

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

 

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

 

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
     

    Note: Do not check Remove found threats

     
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Logs to include with the next post:

checkup.txt
Mbam.txt
Eset results
(if there are any)

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#21 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 December 2014 - 08:40 AM

1) Lightroom problem solved quickly and easily after a post on the Adobe Lightroom fourm (just had to remove a preference file!)

 

2) Uninstalled CCleaner. The AVast Siren went off as soon as I hit Uninstall, too.

 

3) Removed the DSD_3420 program

 

Now please don't get upset with me but, in an absence of your response and your apparent trust in Bleeping Computer, I download and ran Combo Fix which apparently cleaned up a lot. It is only fair that I let you know that before I run your next suggestions which I will now work my way through.

 

Well, the ESET scan is only 34% complete and is going to take quite a bit more time. It has just scanned a Win32/HackTool that I will love to get rid of! Whie waiting, here are the other reports:

 

Security Check

 

 Results of screen317's Security Check version 0.99.91  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spyder4Pro     
 Malwarebytes Anti-Malware version 2.0.3.1025  
 Java 7 Update 71  
 Adobe Flash Player 15.0.0.239  
 Mozilla Firefox (33.1) 
 Google Chrome (39.0.2171.65) 
 Google Chrome (39.0.2171.71) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 
MBAM
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/1/2014
Scan Time: 6:09:28 AM
Logfile: MBAM log file.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.12.01.02
Rootkit Database: v2014.11.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Grandma
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360405
Time Elapsed: 20 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
ESET has already been running for almost 3 hours and it jut reached 41% so it will be wuite a while before I can get that report to you.
 


#22 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 December 2014 - 01:23 PM

ESET Report

 

C:\MGtools\Process.exe Win32/PrcView potentially unsafe application
C:\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Program Files\IObit\Advanced SystemCare 6\ASCPatch.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Grandma\Downloads\ccsetup500.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Grandma\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Software - XP\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Software - Current\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Software - Current\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\June 21-2013\speccysetup122.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\Software - Current\PDFXVwer.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\Software - Current\PDFXVwer\PDFXVwer.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application


#23 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 02:53 PM

in an absence of your response and your apparent trust in Bleeping Computer

 

We ask you at the beginning not to run any programs unless requested: this is for a reason.

 

Yes, I trust BleepingComputer and they correctly have a warning on the download page about what you have done:

"Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper".
 

I download and ran Combo Fix which apparently cleaned up a lot.

 

How do you know that it "cleaned up a lot"? Those "infections" could have been legitimate files that you may need at some point and no longer have.

I'd like you to send me the log you got from ComboFix:

ComboFix logs are located at c:\combofix.txt

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#24 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 December 2014 - 03:30 PM

My apologies :-( Yes, I just read through it and it does indeed look as though I might have screwed up big time, but I AM glad that it shows you the Internet Explorer Ghostviet stuff because IE opens up two tabs of it and I have not been able to change that no matter what I have tried. Anyway, here is the Comb Fix report:

 

ComboFix 14-11-25.01 - Grandma 11/30/2014  22:17:23.1.4 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3492.1646 [GMT -5:00]
Running from: c:\users\Grandma\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\system32\drivers\Setup.exe
D:\Setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-01 to 2014-12-01  )))))))))))))))))))))))))))))))
.
.
2014-11-30 19:05 . 2014-11-30 19:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2014-11-30 18:10 . 2014-11-30 18:31 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-30 18:10 . 2014-10-01 16:39 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-30 18:10 . 2014-10-01 16:39 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-30 18:10 . 2014-10-01 16:39 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-30 12:27 . 2014-11-30 12:27 -------- d-----w- c:\windows\ERUNT
2014-11-30 09:03 . 2014-11-30 09:03 -------- d-----w- c:\program files\Intel Driver Update Utility
2014-11-30 08:37 . 2014-11-30 08:37 -------- d-----w- c:\program files\NVIDIA Corporation
2014-11-30 05:49 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CC79489-B8A0-41CE-A00D-A043121F8178}\mpengine.dll
2014-11-30 02:13 . 2014-11-30 02:17 -------- d-----w- C:\MGADiagToolOutput
2014-11-30 02:12 . 2014-11-30 02:12 -------- d-----w- c:\programdata\Office Genuine Advantage
2014-11-29 04:05 . 2014-11-29 06:34 -------- d-----w- C:\MGtools
2014-11-29 03:07 . 2014-11-29 03:10 -------- d-----w- c:\programdata\HitmanPro
2014-11-29 03:06 . 2014-11-29 10:53 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-29 03:06 . 2014-11-29 03:06 -------- d-----w- c:\programdata\RogueKiller
2014-11-29 03:06 . 2014-11-30 18:09 -------- d-----w- C:\Desktop
2014-11-29 02:12 . 2014-11-29 02:12 -------- d-----w- c:\users\Admin\AppData\Local\Datacolor
2014-11-28 06:55 . 2014-11-28 06:55 -------- d-----w- c:\program files\CCleaner
2014-11-28 03:10 . 2014-11-28 03:10 -------- d-sh--w- c:\users\Grandma\AppData\Local\EmieBrowserModeList
2014-11-19 18:05 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 18:05 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-19 11:14 . 2014-11-19 11:14 -------- d-----w- C:\WTablet
2014-11-17 20:10 . 2014-11-17 20:10 -------- d-----w- c:\users\Grandma\AppData\Roaming\LavasoftStatistics
2014-11-17 19:52 . 2014-11-17 19:55 -------- d-----w- C:\AdwCleaner
2014-11-17 19:23 . 2013-09-02 07:58 263072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-11-17 06:18 . 2014-11-17 06:18 -------- d--h--w- c:\windows\system32\WLANProfiles
2014-11-17 06:02 . 2014-11-17 06:02 -------- d-----w- c:\programdata\IntelDLM
2014-11-17 05:58 . 2014-11-17 05:58 -------- d-----w- c:\users\Grandma\AppData\Local\Intel
2014-11-17 03:54 . 2014-11-17 03:54 -------- d-----w- c:\program files\Tracker Software
2014-11-17 02:38 . 2014-11-17 02:38 -------- d-----w- c:\windows\9B4D16A7393F470C8B9F74AE1EA6C105.TMP
2014-11-16 02:36 . 2014-11-16 02:37 -------- d-----w- c:\users\Grandma\AppData\Local\Datacolor
2014-11-16 02:36 . 2014-11-16 02:36 -------- d-----w- c:\program files\Datacolor
2014-11-12 12:21 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 12:21 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-12 12:21 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2014-11-12 12:19 . 2014-11-06 02:20 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-12 12:19 . 2014-11-06 03:10 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-12 12:19 . 2014-11-06 02:36 817664 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-11-12 12:19 . 2014-11-06 03:13 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-12 12:19 . 2014-11-06 02:21 4298240 ----a-w- c:\windows\system32\jscript9.dll
2014-11-12 02:06 . 2014-11-30 09:03 -------- d-----w- c:\programdata\Package Cache
2014-11-10 00:10 . 2014-11-11 01:19 29 ---h--r- c:\programdata\GD4985JED2.sys
2014-11-09 23:39 . 2014-11-17 02:37 -------- d-----w- c:\users\Grandma\AppData\Roaming\ThePluginSite
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-11-07 19:28 . 2014-11-07 19:28 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-11-07 19:28 . 2014-11-07 19:28 -------- d-----w- c:\program files\QuickTime
2014-11-07 19:24 . 2014-11-07 19:24 -------- d-----w- c:\program files\iPod
2014-11-07 19:24 . 2014-11-07 19:26 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-07 19:24 . 2014-11-07 19:26 -------- d-----w- c:\program files\iTunes
2014-11-05 13:14 . 2008-11-17 05:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-29 06:34 . 2014-11-29 04:05 474729 ----a-w- C:\MGlogs.zip
2014-11-26 12:39 . 2014-09-28 13:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 12:39 . 2014-09-28 13:44 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-22 00:14 . 2013-06-08 21:24 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 13:53 . 2013-06-08 21:24 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-04 19:30 . 2010-04-28 03:44 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-11-01 01:53 . 2013-06-08 21:24 70384 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-10-26 13:52 . 2014-01-01 01:30 91496 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-10-26 13:52 . 2014-10-26 13:52 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-10-26 13:52 . 2014-10-26 13:52 43152 ----a-w- c:\windows\avastSS.scr
2014-10-26 13:52 . 2014-05-01 05:26 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-26 13:52 . 2013-06-08 21:24 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-26 13:52 . 2013-06-08 21:24 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-26 13:52 . 2013-06-08 21:24 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-18 01:53 . 2014-10-18 01:54 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-05 01:20 . 2014-10-05 01:20 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-10-02 19:23 . 2014-10-02 19:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 19:23 . 2014-10-02 19:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-09-12 00:07 . 2014-09-12 00:07 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-09 21:47 . 2014-09-23 23:41 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 05:04 . 2014-10-18 02:01 372736 ----a-w- c:\windows\system32\rastls.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Grandma\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-26 13:52 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-10-01 22065760]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"DellSystemDetect"="c:\users\Grandma\AppData\Local\Apps\2.0\4568C6E5.B0R\TB1LKN1N.68X\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe" [2014-11-30 264488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 501624]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-01 5223016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-04-09 145904]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 181232]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 189936]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-06-20 280576]
.
c:\users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Grandma\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpyderUtility.lnk - c:\program files\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2010-12-17 07:45 302240 ----a-w- c:\program files\Dell Wireless\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2010-12-17 07:45 486560 ----a-w- c:\program files\Dell Wireless\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLEServicesCtrl]
2012-03-15 03:58 153360 ----a-w- c:\program files\Intel\Bluetooth\BleServicesCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMTrayAgent]
2012-03-27 01:01 10881296 ----a-w- c:\program files\Intel\Bluetooth\btmshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-10-15 10:42 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-11-28 2631456]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2013-07-29 112608]
R3 aswVmm;avast! VM Monitor;c:\users\Grandma\AppData\Local\Temp\aswVmm.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 76800]
R3 eyeonedp;eye-one display;c:\windows\system32\DRIVERS\eyeonedp.sys [2004-05-07 44344]
R3 i1display;i1 Display;c:\windows\system32\Drivers\i1display.sys [2004-10-15 44344]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-06 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-30 114904]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-07 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys [2011-06-02 12288]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-07 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-28 1343400]
S0 aswRvrt;avast! Revert; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-22 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-21 423784]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-10-26 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-01 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-10-26 91496]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-10-01 151552]
S2 AtherosSvc;AtherosSvc;c:\program files\Dell Wireless\Bluetooth Suite\adminservice.exe [2010-12-17 56480]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 450560]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
S2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2006-05-11 14416]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-10-26 218192]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 1437696]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-12-17 34976]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-10-26 3192344]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-25 60416]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-12-17 258720]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-12-17 24736]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-12-17 175776]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-12-17 49312]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-12-17 141088]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 558592]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 48128]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2013-06-08 289792]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-08-03 7517696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-26 322664]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 107840]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 320832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 02:07 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-28 12:39]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-07 02:57]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-07 02:57]
.
2014-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135014543-1366911502-1036751248-1003Core.job
- c:\users\Grandma\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27 01:31]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3135014543-1366911502-1036751248-1003UA.job
- c:\users\Grandma\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-27 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ghostviet.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Grandma\AppData\Roaming\Mozilla\Firefox\Profiles\morjvmye.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-Advanced SystemCare 7 - c:\program files\IObit\Advanced SystemCare 7\ASCTray.exe
c:\users\Grandma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SleepMapper Data Card Uploader.lnk - c:\users\Grandma\AppData\Local\Apps\2.0\4568C6E5.B0R\TB1LKN1N.68X\pcmd..tion_0273333114cba30a_0001.0004_0d16dfeb5fcf88c2\PCMDCA.exe -FromStartup
MSConfigStartUp-EaseUS EPM tray - c:\program files\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
AddRemove-_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF} - c:\program files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
.
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6020)
c:\program files\Dell Wireless\Bluetooth Suite\AthCopyHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\PSIService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\users\Grandma\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\ehome\ehRec.exe
c:\program files\Common Files\Apple\Mobile Device Support\ATH.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\SyncServer.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
c:\windows\system32\conhost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2014-11-30  22:40:49 - machine was rebooted
ComboFix-quarantined-files.txt  2014-12-01 03:40
.
Pre-Run: 240,384,905,216 bytes free
Post-Run: 239,920,103,424 bytes free
.
- - End Of File - - 2E837AACD31C81A9912A6A1E59484F90
671B81004FDD1588FA9ED1331C9CECA9


#25 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 04:16 PM

it shows you the Internet Explorer Ghostviet

That was seen in the first scan I asked you to run so ComboFix "fixed/found" nothing that we didn't know about.
 

IE opens up two tabs of it and I have not been able to change that no matter what I have tried

You didn't mention this before - is it still a problem?

We need to get rid of what was found in the Eset scan.

Please copy all text in the code box below and paste it into Notepad:
 


@echo off
del /f /s /q "C:\MGtools\Process.exe Win32/PrcView"
del /f /s /q "C:\PDFXVwer\PDFXVwer.exe"
del /f /s /q "C:\Program Files\IObit\Advanced SystemCare 6"
del /f /s /q "C:\ProgramData\IObit\ASCDownloader"
del /f /s /q "C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe"
del /f /s /q "C:\Users\Grandma\Downloads\ccsetup500.exe"
del /f /s /q "C:\Users\Grandma\Downloads\spsetup126.exe"
del /f /s /q "D:\Software - XP\PDFXVwer\PDFXVwer.exe"
del /f /s /q "D:\Software - Current\PDFXVwer.zip"
del /f /s /q "D:\Software - Current\PDFXVwer\PDFXVwer.exe"
del /f /s /q "F:\June 21-2013\speccysetup122.exe"
del /f /s /q "F:\Software - Current\PDFXVwer.zip"
del /f /s /q "F:\Software - Current\PDFXVwer\PDFXVwer.exe"
del %0
  • save the Notepad file to your desktop and name it delfiles.bat
  • save type as "All Files"
  • on your desktop, double-click on delfiles.bat to run it, (a black CMD window will flash, then disappear - this is normal).

Please answer the question about IE.

 

Satchfan

 


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

    Advertisements

Register to Remove


#26 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 December 2014 - 04:38 PM

Am going to do this and then I have to go out for a few hours. Back later in 3 hours.



#27 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 01 December 2014 - 05:16 PM

Time difference - I'm off to sleep now and have a busy day tomorrow but your computer is fine so we'll complete this tomorrow.

 

Satchfan


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#28 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 01 December 2014 - 10:12 PM

Quote

it shows you the Internet Explorer Ghostviet

That was seen in the first scan I asked you to run so ComboFix "fixed/found" nothing that we didn't know about.
 

Quote

IE opens up two tabs of it and I have not been able to change that no matter what I have tried

You didn't mention this before - is it still a problem?

 

 

 

Yes, it is still a problem.



#29 Satchfan

Satchfan

    SuperHelper

  • Malware Team
  • 6,745 posts
  • Interests:LFC, music, more LFC, more music

Posted 02 December 2014 - 02:46 AM

Please run RogueKiller again and send the new log.


NINA - Proud graduate of the WTT Classroom

Member of UNITE

The help you receive here is free but if you feel I have helped, you may consider making a Donation.

#30 GeekStyle59

GeekStyle59

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 02 December 2014 - 06:01 AM

RogueKiller report

 

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Grandma [Administrator]
Mode : Scan -- Date : 12/02/2014  06:57:09
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Grandma\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Grandma\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\Grandma\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Grandma\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.co...t&type=avastbcl  -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://ghostviet.com/  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3135014543-1366911502-1036751248-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 ATA Device +++++
--- User ---
[MBR] 55a8383f61851be5a8bba1ea2379f97c
[BSP] 47903395ed53d7ac174fbf6fe04b27d5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_11282014_230134.log - RKreport_SCN_11292014_055922.log - RKreport_SCN_12022014_064859.log

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users