
Infected laptop


13 replies to this topic

#1 ssee05

ssee05

  • Members
  • 19 posts
  • Gender:Female

Posted 24 January 2014 - 12:58 PM

Hi! I want to first apologize for not being able to be more descriptive with the Topic Title. I know this laptop is infected and probably with many many things.

 

I got this laptop from a family friend who bought it off some guy who didn't want it anymore. He asked me to look at it because it was having some issues with the keyboard (certain keys not working). I took one glance and told him it was infected with who knows what and looks like someone discovered utorrent and wanted to play catch them all regarding malware/adware. The family friend decided to let me have the laptop since he didn't want the headache of it.

 

The first thing I noticed, besides the keyboard (I'm using a wireless one now), is that the desktop says in the bottom right corner that the OP isn't genuine. It's (barely) running off Windows 7 now, but the sticker on the laptop itself says it's supposed to be Vista. I'm aware that if I want to use this computer I will probably have to end up buying a copy of Windows 7 for it, but before I go out and spend money on an OP I want to make sure the laptop isn't too infected and beyond repair.

 

I've started by downloading CCleaner and running that. Then Spybot Search and Destroy, which was able to clear about 30 malware/adware and PUPs from it. I've run disk clean up and updated keyboard drivers (didn't help much). I've also uninstalled many programs and deleted the first user's many files (pictures, documents, etc.)
 

Beyond those things, I'm not sure how to proceed. That's the limit of my computer-cleaning knowledge.

So thanks in advance for any help and assistance!

-Sierra





#2 JohnC_21

JohnC_21

  • Members
  • 24,418 posts
  • Gender:Male

Posted 24 January 2014 - 02:00 PM

Just throwing out another option. If the person upgraded to Windows 7 from Vista and did not do a complete hard drive wipe and re-partition, it's possible you could do a factory reset on the laptop. This would put Vista back on it. Depending on how bad the infection is or was, there is always the possibility that the Recovery Partition was infected too. Second option would be trying out a Linux Live CD like Ubuntu or Linux Mint. You could always install Windows 7 later if you decide Linux did not work out for you. With the amount of possible infection on the laptop, I would zero out the drive before you installed another OS.

 

What is the make and model of the laptop?



#3 ssee05

ssee05
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female

Posted 24 January 2014 - 11:36 PM

John, Thanks for the response.

I've tried to do a factory reset on the laptop. But I don't get the whole Dell emergency backup section in the system recovery options. It just ends after command prompt, so I'm assuming he wiped it.



#4 JohnC_21

JohnC_21

  • Members
  • 24,418 posts
  • Gender:Male

Posted 25 January 2014 - 12:00 PM

If that is the case, you can get the Windows key from the current install. Just Google Windows 7 keyfinder. You may notice a Jelly Bean. Then you can download the legal ISO from here depending on what version you have.

 

http://www.w7forums.com/threads/official-windows-7-sp1-iso-image-downloads.12325/

 



#5 JohnC_21

JohnC_21

  • Members
  • 24,418 posts
  • Gender:Male

Posted 30 January 2014 - 12:48 PM

Hello, I see you have posted in the link for not receiving a reply in three days. Unfortunately, Microsoft has taken down all of the ISO files for Windows 7. Because your laptop was infected, I advised that you should do a clean install, especially because the computer came from another party. You can purchase an OEM disk of Windows 7 or download a Linux distro like Ubuntu LTS or Linux Mint. The option is up to you.

Note: It is possible the partition is still there if he just did an upgrade and did not wipe the partition. Right click Computer and select Manage. Then double click Disk Management. How many partitions are shown, and what are their names? Or you can post a screen image if possible.

Edited by JohnC_21, 30 January 2014 - 12:48 PM.


#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 30 January 2014 - 05:56 PM

Hello -

As this is a DELL, then only Dell Recovery Disks can be used on it (You can still order them)

 

I am not sure why you think CCleaner is a First option tool.

The Registry cleaner area should never be used, and there are better ways to remove Temp Files.

 

Download all tools to Desktop to run them. Do not save to Temp file areas etc.

 

Vista Win 7 / 8 Right click on the exe icon and select "Run as administrator".

 

Clear Cache / Temp Files
Download TFC by OldTimer to your desktop
• Please double-click TFC.exe to run it.
• For Vista, Win 7 / 8 right-click on the file and choose Run As Administrator
• It will close all programs when run, so make sure you have saved all your work before you begin.
• Click the Start button to begin the process.
• Once it's finished it may reboot your machine.
• If it does not, please manually reboot the machine yourself to ensure a complete clean.

 

If you are able to run any other scans, please try these -

Please try to run them in the order listed.

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please Copy and Paste the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to run it.
Checkmark the following boxes:

* List content of Hosts
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (NOTE : Do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and Copy / Paste the result. (result.txt)

 

Next -

Please post a snapshot with Speccy as this may give us a bit more to look at -
Publish a Snapshot using Speccy << Follow These Directions (only post the link)

 

Next -

Please download and run RKill by Grinler.

A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.

At most the tool will run for about 2 minutes

Please post the log back here.

 

Important: Do not reboot your computer until you complete the next step.

 

* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.

* Untick any programs you do not want removed, or post the R0 log here for us to review
* NOW - Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM): to your desktop.
- Do not accept the Free Trial Version at this time -
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer if requested.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

If the computer is still working after all this -

 

I would like you to use the ESET OnlineScanner -
This is best done with Internet Explorer, as it uses ActiveX with the scan.
However, alternate directions are left for those that will not use Internet Explorer.
Please read and follow How To Temporarily Disable Your Anti-virus during the scan.
1 / Hold down Control (Ctrl) key and click on This Link to open ESET OnlineScan in a new window.
2 / Click the ESETOnliner Scanner button.

3 / For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3.1 - / Click on This Link to download the External ESET Smart Installer.
3.2 - / Save it to your desktop.

4 / Double click on the icon on your desktop.
5 / Check "YES, I accept the Terms of Use."
6 / Click the Start button.
7 / Accept any security warnings from your browser.
8 / Under scan settings, check "Scan Archives" and "Remove found threats"
9 / Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology
10 / ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
11 / When the scan completes, click List Threats
12 / Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
13 / Click the Back button.
14 / Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Thank You -



#7 ssee05

ssee05
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female

Posted 01 February 2014 - 03:42 PM

Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Internet Security 2014      
Microsoft Security Essentials   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 37  
 Java version out of Date! 
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Spybot Teatimer.exe is disabled! 
 AVG avgwdsvc.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log`````````````````````` 
 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Raymond (administrator) on 01-02-2014 at 13:32:41
Running from "C:\Users\Raymond\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================
 
::1             localhost
 
50.31.74.129 www.google-analytics.com.
50.31.74.129 ad-emea.doubleclick.net.
50.31.74.129 www.statcounter.com.
217.23.13.202 www.google-analytics.com.
217.23.13.202 ad-emea.doubleclick.net.
217.23.13.202 www.statcounter.com.
 
127.0.0.1       localhost
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/28/2014 05:29:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 817976
 
Error: (01/28/2014 05:29:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 817976
 
Error: (01/28/2014 05:29:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2014 05:16:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15756
 
Error: (01/28/2014 05:16:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15756
 
Error: (01/28/2014 05:16:02 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2014 11:15:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16317
 
Error: (01/27/2014 11:15:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16317
 
Error: (01/27/2014 11:15:15 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/26/2014 11:24:40 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13385
 
 
System errors:
=============
Error: (02/01/2014 01:01:47 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (02/01/2014 01:01:47 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (02/01/2014 00:57:23 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2014 00:51:36 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (02/01/2014 00:51:36 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (02/01/2014 00:51:03 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: 
%%1053
 
Error: (02/01/2014 00:51:03 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
 
Error: (02/01/2014 00:50:26 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (02/01/2014 00:50:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (02/01/2014 00:47:27 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
 
 
Microsoft Office Sessions:
=========================
Error: (01/28/2014 05:29:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 817976
 
Error: (01/28/2014 05:29:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 817976
 
Error: (01/28/2014 05:29:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/28/2014 05:16:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15756
 
Error: (01/28/2014 05:16:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15756
 
Error: (01/28/2014 05:16:02 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/27/2014 11:15:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16317
 
Error: (01/27/2014 11:15:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16317
 
Error: (01/27/2014 11:15:15 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/26/2014 11:24:40 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13385
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Reader X (10.1.9) (Version: 10.1.9)
AVG 2014 (Version: 14.0.3681)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.10)
Google Chrome (Version: 32.0.1700.76)
Google Update Helper (Version: 1.3.22.3)
Intel® Rapid Storage Technology (Version: 10.5.0.1029)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
NTI Backup Now EZ (Version: 2.5.2.36)
Spybot - Search & Destroy (Version: 2.2.25)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
Yahoo! Install Manager
Yahoo! Software Update
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 52%
Total physical RAM: 3034.36 MB
Available physical RAM: 1435.74 MB
Total Pagefile: 6066.91 MB
Available Pagefile: 4107.65 MB
Total Virtual: 4095.88 MB
Available Virtual: 3982.71 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:148.95 GB) (Free:118.25 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\RAYMOND-PC
 
Administrator            Guest                    Raymond                  
 
 
**** End of log ****
 
 
 
 
 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/01/2014 01:42:53 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
  50.31.74.129 www.google-analytics.com.
  50.31.74.129 ad-emea.doubleclick.net.
  50.31.74.129 www.statcounter.com.
  217.23.13.202 www.google-analytics.com.
  217.23.13.202 ad-emea.doubleclick.net.
  217.23.13.202 www.statcounter.com.
 
Program finished at: 02/01/2014 01:46:35 PM
Execution time: 0 hours(s), 3 minute(s), and 42 seconds(s)
 
 

# AdwCleaner v3.018 - Report created 01/02/2014 at 13:53:56
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Raymond - RAYMOND-PC
# Running from : C:\Users\Raymond\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\GamesBar
Folder Deleted : C:\Users\Raymond\AppData\Roaming\PerformerSoft
File Deleted : C:\Windows\System32\roboot64.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchEngineProtection]
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\Raymond\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3345 octets] - [01/02/2014 13:46:11]
AdwCleaner[S0].txt - [3283 octets] - [01/02/2014 13:53:56]
 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.01.06
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Raymond :: RAYMOND-PC [administrator]
 
Protection: Enabled
 
2/1/2014 2:01:15 PM
mbam-log-2014-02-01 (14-01-15).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202719
Time elapsed: 7 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

C:\Users\Raymond\Downloads\Malwarebytes.Anti-Malware.Pro.v1.75.0.1300.Incl.Patch-MeGaHeRTZ.rar a variant of Win32/HackTool.Crack.BR application deleted - quarantined
C:\Users\Raymond\Downloads\spsetup125.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3343 octets] ##########
 


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 01 February 2014 - 04:24 PM

Hi -

First observations

AVG Internet Security 2014 <=    
Microsoft Security Essentials <= NOTE - You have 2 Antivirus programs installed, You must uninstall 1 of them.

 

 Java™ 6 Update 37  Java version out of Date!
Java Auto Updater (Version: 2.0.7.2) <= You have the Updater installed in Control Panel. Open it and the second tab should be Update.

Do NOT accept any offers with your update as they are just advertising, and may include trackers.

Current Java is Version 7 Update 51. You must remove all old versions from Programs and Features.

 

Reset Hosts file, it has been corrupted.
To reset the Hosts file back to the default automatically, click the Fix it button or link, click Run in the File Download dialog box, and then follow the steps in the Fix it wizard. => http://go.microsoft.com/?linkid=9668866

 

There had been a Crack (illegal) Program installed. Do you have any idea which one it may be ?

 

Install avast! cleanup to your desktop and run it (nothing to do with Antivirus).

This will recheck for Unwanted Toolbars and other add-ons.
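An added example, not from this thread or from any of the tools it mentions: the Rkill log above lists hosts entries that pointed www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com at two outside addresses (50.31.74.129 and 217.23.13.202), and in the MiniToolBox dump those lines sat below several hundred blank lines, so opening the file in Notepad shows only the localhost entry. The script below audits a hosts file for exactly those signs: a hostname mapped to anything other than loopback or 0.0.0.0, the same hostname mapped to more than one outside address, and a long run of blank padding. The sample hosts text, the 25-line padding threshold and the function names are constructed for this example.

```python
"""Audit a Windows hosts file for the kind of tampering seen in the Rkill log."""
import ipaddress
from collections import defaultdict

# Constructed sample, shaped like the hosts file in the logs above: the
# redirect lines sit below a long run of blank lines so a casual look in
# Notepad shows only the localhost entry.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    "::1             localhost\n"
    + "\n" * 200
    + "50.31.74.129 www.google-analytics.com.\n"
    "50.31.74.129 ad-emea.doubleclick.net.\n"
    "50.31.74.129 www.statcounter.com.\n"
    "217.23.13.202 www.google-analytics.com.\n"
    "217.23.13.202 ad-emea.doubleclick.net.\n"
    "217.23.13.202 www.statcounter.com.\n"
    "\n"
    "127.0.0.1       localhost\n"
)


def parse_hosts(text):
    """Return (entries, longest_blank_run).

    entries: list of (line_number, ip, hostname); comments are stripped,
    trailing dots removed and hostnames lower-cased, one tuple per hostname
    on a line (a hosts line may carry several names after the address).
    longest_blank_run: the longest run of consecutive blank or comment lines.
    """
    entries = []
    blank_run = longest = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            blank_run += 1
            longest = max(longest, blank_run)
            continue
        blank_run = 0
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line; the resolver ignores it as well
        for host in fields[1:]:
            entries.append((lineno, fields[0], host.rstrip(".").lower()))
    return entries, longest


def is_loopback_or_null(ip):
    """True for 127.0.0.0/8, ::1 and 0.0.0.0, the only targets a clean file should use."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # not even an address: treat it as suspicious
    return addr.is_loopback or addr.is_unspecified


def audit_hosts(text, max_blank_run=25):
    """Return a list of findings, each a dict with a 'kind' key.

    kinds: 'padding'  - a run of blank lines longer than max_blank_run (hidden entries)
           'redirect' - hostname mapped to a routable address instead of loopback/0.0.0.0
           'conflict' - hostname mapped to more than one routable address
    """
    entries, longest = parse_hosts(text)
    findings = []
    if longest > max_blank_run:
        findings.append({"kind": "padding", "blank_lines": longest})
    routable = defaultdict(set)
    for lineno, ip, host in entries:
        if not is_loopback_or_null(ip):
            findings.append({"kind": "redirect", "line": lineno, "host": host, "ip": ip})
            routable[host].add(ip)
    for host, ips in sorted(routable.items()):
        if len(ips) > 1:
            findings.append({"kind": "conflict", "host": host, "ips": sorted(ips)})
    return findings


def summarize(findings):
    """Count findings by kind, for a quick 'is this file clean?' verdict."""
    counts = defaultdict(int)
    for finding in findings:
        counts[finding["kind"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(summarize(audit_hosts(SAMPLE_HOSTS)))
```

To check a live machine, read the file from its standard Windows location (C:\Windows\System32\drivers\etc\hosts) and pass the text to audit_hosts. An empty result means the file contains only loopback or 0.0.0.0 entries; anything else is worth resetting with the Fix it link above. Note that the Rkill log also reported it could not edit the HOSTS file until it repaired the permissions, so an access-denied error when opening the file is itself a sign of tampering rather than something to work around.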



#9 ssee05

ssee05
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female

Posted 01 February 2014 - 05:55 PM

Thank you for the response and help. 

 

I'm posting this from a different computer; the keyboard on the infected one is acting as if the Windows key is being held down. (Whenever I type 'r', Run pops up, etc.) I know it isn't stuck because it's doing that when I plug in a wireless one as well.

 

I've uninstalled one of the antivirus, updated Java, and ran the fix it program.

There were many programs on this computer that it could have been; I uninstalled many of them already. Utorrent, Frost (I think its name was), Photobucket that I'm sure was cracked, and anything else I wasn't 100% sure didn't come to the computer legally. The only thing still on it that I can only guess would be the OS. It's running off Windows 7 when I know it should be on Vista (I could be wrong, but could that be why the keyboard is acting up?)

Also ran avast. It says there are no add-ons detected, but when I go specifically to the Internet Explorer tab and hit "reset settings" it tells me "The configuration of your Microsoft internet explorer could not be updated. Please close your browser and repeat the current operation." I have no browsers open and it worked for Chrome. I checked Task Manager to see if one is somehow still running, but I can't bring it up.

 

I've also noticed that every time I reset the computer, AVG's sidebar always has the message that the computer isn't fully protected, with a fix option that I always have to click. And something about a "Job named 'Cloud Backup' missed a backup and will start in blah blah blah". I usually close out of that because I'm not sure where it's coming from.



#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling

Posted 01 February 2014 - 08:55 PM

Please read and then follow this current directive from Spybot S&D. Malwarebytes, and if required, SUPERAntiSpyware are all that you should need.
  How to uninstall?

Spybot – Search & Destroy will uninstall from the Windows Add/Remove Software control panel without problems. The following directories will not be removed during the uninstall procedure; if you want those folders to be deleted, you will have to remove them by hand:

Windows XP: C:\Documents and Settings\All Users\Application Data\Spybot – Search & Destroy\
Windows Vista or Windows 7 or Windows 8: C:\ProgramData\Spybot – Search & Destroy (Please note that the Application Data Folder is hidden. So if you cannot find this folder please check your folder properties.)

Explanation: this folder contains the backup (the quarantined files) that Spybot 2 creates. If the Uninstall would remove this folder as well, this would mean that those backups would be gone. We saw it a few times that new users uninstalled Spybot 2 in panic after they have experienced a small problem, thus removing the backup that would have undone any changes.

FAQ Category: 2.0 only, How to, Spybot 2

I would remove it fully as any infections found can be removed now -

Error: (02/01/2014 00:50:26 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 

 

 

I noted that you (or someone) has only had this for a week or so, and you may need to explore it a bit more.

There have been a lot of Updates in that short time, and it will pay to go back to Windows Updates to see their result when you ask for any more available Updates.

Note that only Express (or important) updates need installing, Custom Updates are 99% never required, as they are optional.

 

Utorrent, FrostWire, and a few others are good to remove, unless it is going to be important.

 

Bonjour (Version: 3.0.0.10) is iTunes, and unless used, can also be removed.
10 errors - Error: (01/28/2014 05:29:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 817976

 

Uninstall AVG fully, be sure to read all directions on their site, and reinstall MSE

Install MSE
1.Visit the following Microsoft website:
http://windows.microsoft.com/en-US/windows/products/security-essentials
2.Click Download.
3.Click Run, and then follow the on-screen prompts until the installation is complete.
4.Restart the computer.

 

You may have removed the wrong one



#11 ssee05 (Topic Starter)

Posted 02 February 2014 - 07:38 AM

I've uninstalled spybot and bonjour. I have MSE and I'm currently downloading one important update from Windows update. 



#12 noknojon

Posted 02 February 2014 - 09:00 PM

Do you know the actual model of the Dell Laptop?

From there we may be able to find more information -

Run these 2 programs to check if all is OK -

First run the disk check, because you are not able to type into the sick computer.

Run a Disk Check on your C: (or main) drive in Windows 7:
• Click Start and open Computer
• Right-click on C: (or your hard drive letter) and select Properties
• Click on the Tools tab
• Under Error-checking, click the Check Now... button
• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
• Click on the Start button
• When the message box pops up, click the Schedule disk check button and restart your computer
• Once your computer restarts it will check the drive; don't press any keys so that it is allowed to do so
This will take (on average) 1 to 2 hours depending on your system, so please let it finish.
DO NOT force a reboot once started, as you will lose data and may damage the computer.
NOTE - If this is a Laptop, please plug it into a reliable power source, as batteries may fail.
The computer will reboot to normal mode once it has completed all 5 stages
-

Save an sfc /scannow check for after this finishes (directions below)

Run System File Check from an Elevated Command Prompt
1. Open an Elevated Command Prompt as per the directions.
2. Type sfc /scannow at the flashing prompt (after system32) and press Enter (note the space between c and /; it must be there).

If you are not able to type or copy / paste the words in, tell me and I will check other methods.
3. This should not take longer than 20 minutes to finish, and it will tell you of problems.

Follow all the above notes, but it will not reboot. You may need to run this up to 3 times for a full result.
4. NOTE: Do not touch the keyboard while this is running.
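
As an added example (not part of noknojon's post or any BleepingComputer tool), here are the same two checks typed at an elevated PowerShell prompt rather than clicked through the GUI, which is handy when the mouse or keyboard of the sick machine is unreliable. It assumes Windows 7 with the system drive on C: (a placeholder; change it if yours differs), and the function names are my own. The [SR] filter on CBS.log is the one Microsoft's own sfc documentation uses with findstr; the "Cannot repair member file" wording is what sfc logs for a file it verified as corrupt but could not replace.

```powershell
# Added example, not from the original post. Assumes Windows 7, an elevated
# (Administrator) PowerShell prompt, and that the system drive is C: (placeholder).
# Function names are hypothetical; the sfc, chkdsk and fsutil commands are real.

function Test-IsElevated {
    # chkdsk /F and sfc /scannow both refuse to run from a non-admin prompt.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-DiskCheckAtReboot {
    param([string]$Volume = 'C:')
    if (-not (Test-IsElevated)) { throw 'Open an elevated (Administrator) prompt first.' }

    # Same two boxes as the GUI: /F fixes file-system errors, /R scans for bad
    # sectors and recovers readable data. The system volume is in use, so chkdsk
    # offers to run at the next boot; piping 'y' answers that prompt. (On a
    # non-system volume the same 'y' would instead agree to force a dismount.)
    cmd /c "echo y | chkdsk $Volume /F /R"

    # Shows whether the volume is now flagged so autochk runs at reboot.
    fsutil dirty query $Volume
}

function Get-SfcReport {
    # Run this only after the disk check has completed and the machine rebooted.
    if (-not (Test-IsElevated)) { throw 'Open an elevated (Administrator) prompt first.' }

    # Start-Process lets sfc write straight to the console; piping its UTF-16
    # output through PowerShell on Windows 7 garbles it.
    $proc = Start-Process -FilePath 'sfc' -ArgumentList '/scannow' -Wait -NoNewWindow -PassThru

    # sfc logs its detail to the very verbose CBS.log; its own lines are tagged
    # [SR]. Copy just those to the desktop, as Microsoft's sfc documentation
    # does with: findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log
    $cbsLog = Join-Path $env:windir 'Logs\CBS\CBS.log'
    $report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'sfcdetails.txt'
    Select-String -Path $cbsLog -Pattern '\[SR\]' |
        ForEach-Object { $_.Line } |
        Set-Content -Path $report

    # Entries sfc could verify as corrupt but not replace are the ones worth
    # following up (or re-running sfc for, as the post above says, up to 3 times).
    $unrepaired = @(Select-String -Path $report -Pattern 'Cannot repair member file')

    # New-Object PSObject rather than [pscustomobject] so it works on the
    # PowerShell 2.0 that Windows 7 ships with.
    New-Object PSObject -Property @{
        SfcExitCode = $proc.ExitCode
        Report      = $report
        Unrepaired  = $unrepaired.Count
        Files       = @($unrepaired | ForEach-Object { $_.Line })
    }
}

# Usage (two sessions, with a reboot in between):
#   Start-DiskCheckAtReboot -Volume 'C:'   # then Restart-Computer and let all 5 stages finish
#   Get-SfcReport                          # afterwards; Unrepaired > 0 means sfc needs attention
```

Run the first function, reboot and let the check complete, then run the second; the object it returns gives the sfc exit code, the path of the trimmed log on the desktop, and the count and names of any files sfc could not repair, which is the part of the log you would paste into a reply.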



#13 ssee05 (Topic Starter)

Posted 05 February 2014 - 12:02 PM

When I started the laptop up this morning I got a red screen with many options, "Windows with SLIC Loader", "Windows without SLIC Loader" and others. I clicked the default one and things seemed to load up okay after that.

It's a Dell Inspiron 1545.

I was finally able to get the disk check running (the right-click button was acting weird), which it said started, then said it was cancelled when I hadn't touched anything.

Do you want me to still try and do the System File Check?



#14 noknojon

Posted 05 February 2014 - 04:28 PM

Hi -

Yes, please run any program that you are able to.

As I have not seen a "Red screen" problem, I am not quite sure what this is.

I would prefer you to post this to the Malware Removal forum area, since any tools required cannot be used in this area.

Please fully read and follow the instructions in the Preparation Guide starting at Step 6.

NOTE: If you cannot complete any step, then skip it and continue with the next.

NOTE - There are instructions for downloading and running DDS which will create two logs. Be sure to Copy / Paste both logs.

Windows 8.1 users will not be able to run DDS, and it will not create a log.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team experts.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.





