File Restore...with extra issues!


  • This topic is locked
35 replies to this topic

#1 dbolton
  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:32 PM

Posted 31 October 2012 - 09:50 AM

I have a PC with File Restore. I cannot run TDSSKiller, even if I rename it. I cannot install MalwareBytes. I know you want logs in this forum but I cannot run DDS. It has been processing for several minutes and locks up the computer. What I CAN do is start in Safe Mode and run RKILL. Any help is appreciated.

Dan


#2 sempai
    noypi
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:32 AM

Posted 31 October 2012 - 09:56 AM

Hello dbolton,

Please try using a different version of DDS, download it from the links below, run the tool and post the logs for my review:

DDS.com => http://download.bleepingcomputer.com/sUBs/dds.com
DDS.pif => http://www.forospyware.com/sUBs/dds

~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)


#3 dbolton
  • Topic Starter
  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:32 PM

Posted 31 October 2012 - 01:00 PM

The first link opens and tries to scan but hangs up. I let it go for 30 minutes before I gave up on it. The file from the second link opens in Notepad and is just programming gobbledygook.

#4 dbolton
  • Topic Starter
  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:32 PM

Posted 31 October 2012 - 01:18 PM

I figured out the second link. I changed the extension to .pif. It is running but has been for over 15 minutes. It looks like this one won't work either.

#5 sempai
    noypi
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:32 AM

Posted 31 October 2012 - 02:06 PM

Please try the following:


Step 1: Please download RKill by Grinler.

Link 1
Link 2
Link 3
Link 4

  • Save it to your desktop.
  • Close/disable your anti-virus program so it does not interfere with RKill. (Tutorials on how to disable your anti-virus program can be found HERE.)
  • Double click the RKILL icon to start the program. (For Windows VISTA, right click the icon and run as administrator)
  • A window will appear and close automatically once completed. This indicates a successful run.
  • Do not reboot your computer and continue with step 2.
  • Post the rkill log when you reply. (C:\rkill.log)

Note:

  • Try running RKill using Link 1; if it does not run, download Link 2, delete Link 1, then try running it again.
  • If you still can't run RKill, repeat the same steps using Link 3 and 4. Please tell me if none of the links work.

Step 2: Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp

#6 dbolton
  • Topic Starter
  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:32 PM

Posted 31 October 2012 - 02:36 PM

See attached files.


#7 sempai
    noypi
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:32 AM

Posted 31 October 2012 - 02:45 PM

It's 4am in my time zone, so I will review your logs and post the necessary instructions ASAP. Thanks.

~Semp

#8 sempai
    noypi
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:32 AM

Posted 31 October 2012 - 09:43 PM

Hi,

Please do not attach logs unless instructed, posting directly makes them more readable.

Viewpoint Warning:
I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

==============================================

Step 1: Please uninstall the following:


Step 2: Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    SRV - [2012/04/24 13:17:44 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\SLiQ\SLiQAutoUpdate\nuserv.exe -- (nuService)
    SRV - [2011/11/16 08:44:56 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm429W1US&ptnrS=ZRxdm429W1US&ptb=HZSGMAVJRo.3WtWlL0SFQg&ind=2011111607&n=77df20b7&psa=&st=sb&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found
    IE - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRxdm429W1US&ptnrS=ZRxdm429W1US&ptb=HZSGMAVJRo.3WtWlL0SFQg&ind=2011111607&n=77df20b7&psa=&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBR_en
    IE - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\SearchScopes\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011/11/16 08:45:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/04/24 13:17:54 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
    O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
    O3 - HKU\S-1-5-21-1318808811-623969416-5522801-8676\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O4 - HKLM..\Run: [LaiuyRkGjiQD.exe] C:\Documents and Settings\All Users\Application Data\LaiuyRkGjiQD.exe (EliteGroup)
    O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" File not found
    O4 - HKLM..\Run: [MapsGalaxy Search Scope Monitor] C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (MindSpark)
    O4 - HKLM..\Run: [MapsGalaxy_39 Browser Plugin Loader] C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe (VER_COMPANY_NAME)
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKU\S-1-5-21-1318808811-623969416-5522801-8676..\Run: [AWt8j8Lvt1lU94] C:\Documents and Settings\All Users\Application Data\AWt8j8Lvt1lU94.exe ()
    O4 - HKU\S-1-5-21-1318808811-623969416-5522801-8676..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?s=100000336&p=ZRxdm429W1US&a=HZSGMAVJRo.3WtWlL0SFQg&n=2011111607 File not found
    [2012/10/31 09:48:55 | 000,434,688 | ---- | C] (EliteGroup) -- C:\Documents and Settings\All Users\Application Data\LaiuyRkGjiQD.exe
    [2012/10/31 10:04:01 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-AWt8j8Lvt1lU94r
    [2012/10/31 10:04:01 | 000,000,152 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\-AWt8j8Lvt1lU94
    [2012/10/31 10:04:00 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\tjodice\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
    [2012/10/31 10:04:00 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\tjodice\Desktop\File_Restore.lnk
    [2012/10/31 10:04:00 | 000,000,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AWt8j8Lvt1lU94
    [2012/10/31 10:03:50 | 000,347,136 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\AWt8j8Lvt1lU94.exe
    [2012/10/31 09:46:38 | 000,434,688 | ---- | M] (EliteGroup) -- C:\Documents and Settings\All Users\Application Data\LaiuyRkGjiQD.exe
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\MyWebSearch
    C:\Program Files\Search Toolbar
    C:\Program Files\MapsGalaxy_39
    
    :Commands
    [RESETHOSTS]
    [CREATERESTOREPOINT] 
    [REBOOT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.

Note: If the log did not pop up, please go to C:\ > _OTL > MovedFiles and look for the report (text file); the file name of the log starts with the date when you ran the fix. Post the contents please.

Step 3: Please download unhide.exe and save it to your desktop.
  • Double click on it to run the tool (Run as administrator for Windows Vista/7).
  • You will receive a message "Your files should now be visible" once completed.
  • Click OK.

~Semp

#9 dbolton
  • Topic Starter
  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:32 PM

Posted 01 November 2012 - 07:02 AM

========== OTL ==========
Error: No service named MapsGalaxy_39Service was found to stop!
Service\Driver key MapsGalaxy_39Service not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe not found.
Service nuService stopped successfully!
Service nuService deleted successfully!
File C:\Program Files\SLiQ\SLiQAutoUpdate\nuserv.exe not found.
Error: No service named MyWebSearchService was found to stop!
Service\Driver key MyWebSearchService not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE not found.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Error: No service named PnSson was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PnSson deleted successfully.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service LMIInfo stopped successfully!
Service LMIInfo deleted successfully!
File C:\Program Files\LogMeIn\x86\RaInfo.sys not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service bvrp_pci stopped successfully!
Service bvrp_pci deleted successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry value HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\URLSearchHooks\\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\ not found.
HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\SearchScopes\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com not found.
C:\Program Files\MyWebSearch\bar\1.bin folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\39ffxtbr@MapsGalaxy_39.com not found.
C:\Program Files\MapsGalaxy_39\bar\1.bin folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin\ not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}\ not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2}\ not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{364ea597-e728-4ce4-bb4a-ed846ef47970} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970}\ not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{364EA597-E728-4CE4-BB4A-ED846EF47970} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}\ not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LaiuyRkGjiQD.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\LaiuyRkGjiQD.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogMeIn GUI deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Search Scope Monitor not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy_39 Browser Plugin Loader not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor not found.
File C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE not found.
Registry value HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Windows\CurrentVersion\Run\\AWt8j8Lvt1lU94 deleted successfully.
C:\Documents and Settings\All Users\Application Data\AWt8j8Lvt1lU94.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1318808811-623969416-5522801-8676\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found.
File C:\Documents and Settings\All Users\Application Data\LaiuyRkGjiQD.exe not found.
C:\Documents and Settings\All Users\Application Data\-AWt8j8Lvt1lU94r moved successfully.
C:\Documents and Settings\All Users\Application Data\-AWt8j8Lvt1lU94 moved successfully.
C:\Documents and Settings\tjodice\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk moved successfully.
C:\Documents and Settings\tjodice\Desktop\File_Restore.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\AWt8j8Lvt1lU94 moved successfully.
File C:\Documents and Settings\All Users\Application Data\AWt8j8Lvt1lU94.exe not found.
File C:\Documents and Settings\All Users\Application Data\LaiuyRkGjiQD.exe not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\tjodice\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\tjodice\Desktop\cmd.txt deleted successfully.
C:\Program Files\MyWebSearch\bar folder moved successfully.
C:\Program Files\MyWebSearch folder moved successfully.
File\Folder C:\Program Files\Search Toolbar not found.
C:\Program Files\MapsGalaxy_39\bar folder moved successfully.
C:\Program Files\MapsGalaxy_39 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.69.0 log created on 11012012_075132
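As an added example (not from this thread, and not OTL's own code), a small Python parser that turns a fix log like the one above into per-section counts and a list of failed operations; the line shapes are copied from the log posted in this thread, and the "Unable to start System Restore Service" line is what tells a responder that no restore point existed before the reboot.

```python
import re
from collections import Counter

# Sample input: lines copied from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
Error: No service named MapsGalaxy_39Service was found to stop!
Service\Driver key MapsGalaxy_39Service not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe not found.
Service nuService stopped successfully!
Service nuService deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PnSson deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LaiuyRkGjiQD.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\LaiuyRkGjiQD.exe moved successfully.
========== FILES ==========
C:\Program Files\MyWebSearch folder moved successfully.
File\Folder C:\Program Files\Search Toolbar not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 10
"""

# Section banners look like "========== OTL ==========".
SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
# Every successful OTL action ends in "<verb> successfully" with optional punctuation.
SUCCESS_RE = re.compile(r"(stopped|deleted|moved|reset|set) successfully[.!]?$")
NOT_FOUND_RE = re.compile(r" not found\.?$")


def classify(line):
    """Map one OTL result line to a category: error, not_found, success or other."""
    if line.startswith("Error:") or line.startswith("Unable to"):
        return "error"
    if NOT_FOUND_RE.search(line):
        return "not_found"
    if SUCCESS_RE.search(line):
        return "success"
    return "other"


def summarize(log_text):
    """Return per-section category counts plus the list of error lines.

    'not_found' entries are usually harmless: the item was already gone, or an
    earlier line of the same fix removed its parent folder. 'error' entries
    deserve a look, e.g. a failed restore point means there is nothing to roll
    back to if the fix breaks the boot.
    """
    sections = {}
    errors = []
    section = "HEADER"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        category = classify(line)
        sections.setdefault(section, Counter())[category] += 1
        if category == "error":
            errors.append((section, line))
    return {"sections": sections, "errors": errors}


def restore_point_created(summary):
    """True unless the COMMANDS section reported a System Restore failure."""
    return not any(sec == "COMMANDS" and "System Restore" in msg
                   for sec, msg in summary["errors"])


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for sec, counts in result["sections"].items():
        print(sec, dict(counts))
    for sec, msg in result["errors"]:
        print(f"[{sec}] {msg}")
    print("restore point created:", restore_point_created(result))
```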

#10 dbolton
  • Topic Starter
  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:32 PM

Posted 01 November 2012 - 07:13 AM

Now I can only boot in Safe Mode. I am getting a Blue Screen when I try to boot regularly.

#11 sempai
    noypi
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:32 AM

Posted 01 November 2012 - 07:41 AM

Hi, let's try to figure it out.

We need the BSOD Technical information.
  • Press the F8 key repeatedly as soon as you start your computer.
  • Use the arrow keys to highlight Disable Automatic Restart on System Failure, then hit Enter.
  • The PC will now show you a blue screen after it fails to boot.
  • Copy the Technical information from the blue screen and post it when you reply.

~Semp

#12 dbolton
  • Topic Starter
  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:32 PM

Posted 01 November 2012 - 08:33 AM

STOP: 0x0000007e (0xc0000005, 0x847ae097, 0xf7a25a90, 0xf7a2578c)

#13 sempai
    noypi
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:32 AM

Posted 01 November 2012 - 09:01 AM

Please try to boot using the last known good configuration: http://support.microsoft.com/kb/307852

~Semp

#14 dbolton
  • Topic Starter
  • Members
  • 45 posts
  • Gender:Male
  • Local time:03:32 PM

Posted 01 November 2012 - 09:20 AM

Used Last Known Good and had the same results... a blue screen but with different technical info:

STOP: 0x0000007e (0xc0000005, 0x84c00097, 0xf7a31a90, 0xf7a3178c)

#15 sempai
    noypi
  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:32 AM

Posted 01 November 2012 - 09:30 AM

Please try to run BlueScreenView in safe mode.


Download the zip file BlueScreenView

  • Unzip the file to your desktop.
  • Double click on BlueScreenView.exe to run the program and wait till the scan is complete.
  • Go to Edit > Select All.
  • Go to File > Save Selected Items.
  • Save the report as BSOD.txt and paste the contents into your next reply.

~Semp