
Windows Vista Am I infected

3 replies to this topic

#1 TC8


  • Members
  • 7 posts
  • Gender:Female
  • Local time:08:58 AM

Posted 06 June 2014 - 04:32 AM

PC Crashes trying to delete MBAM findings

I scan every week with the free Malwarebytes and have been fine until this week. 164 PUP green bug things, managed to delete 100 but the computer kept crashing every time I tried to delete the others even after re-scanning. 
Here's a log of 2 of them: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcpehlgijbdajfafffojllcaecaecngb (PUP.Optional.MindSpark.A) -> No action taken.
Then ditto on the next one until the end bit which is (PUP.Optional.MindSpark.A) -> No action taken.

Then the others are all the same apart from the end bits (as you can tell I am really computer minded :) which are all different with no action taken.

I have CC, TeamSpybot, I defraggle, I have speccy, icloud, Microsoft Security & HP Total Care Advisor. 
I did have Panda Cloud but it kept vanishing & even though it is still in my programmes I can't seem to facilitate it.
I was also using WOT but that also vanished when I switched to Google Chrome (I had nothing but trouble when I tried Chrome last year).

I managed to reload Panda & Spybot yesterday & then I managed to delete the PUPs. 

Is there anything else I should be using? I have tried package antivirus in the past & on both packages N****N & Mc**** as soon as it was near the end of term I kept getting warnings & being asked to purchase upgrades. On the 1st occasion all of my files started being deleted, even lost my son's graduation pics!! Since then I have used recommended free anti-virus/malware packages.

After I deleted the remaining 60 PUPs everything seemed to be going ok. I scanned everything & proceeded to continue with a very important doc that I have been working on for days. About 2 or 3am just as I was making my final alteration the screen changed & a piece of puzzle popped up & began to close everything down! Normally if this happens my work goes into recover & I can call it back up. I've looked in all the normal places & can only find the original which hasn't been altered :( I could scream!

Once again when I turned on the computer it wouldn't do all the updates so I had to turn it off & choose repair again, is that why I lost my work only it says that all your files should be ok? 

Anyway back to work & I'll try to remember to press save every 5 minutes, my own fault, I never learn! When I went into my recovery panel the following was there startup disabled Ap.

Please could you help or suggest something to help as I have very important charity work to sort out? Hope all this makes sense. Many thanks :)


No               HKCU:Run  ApplePhotoStreams    Apple Inc.  C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

Yes              HKCU:Run  CCleaner    Piriform Ltd                   "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

No               HKCU:Run  com.apple.dav.bookmarks.daemon                  Apple Inc.  C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

Yes              HKCU:Run  EPLTarget\P0000000000000000 SEIKO EPSON CORPORATION                    C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHTE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX535WD"

Yes              HKCU:Run  HPAdvisor Hewlett-Packard          C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

No               HKCU:Run  iCloudServices              Apple Inc.  C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

Yes              HKCU:Run  LightScribe Control Panel               Hewlett-Packard Company             C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

Yes              HKCU:Run  WMPNSCFG                  Microsoft Corporation                    C:\Program Files\Windows Media Player\WMPNSCFG.exe

Yes              HKLM:Run Adobe ARM                  Adobe Systems Incorporated        "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Yes              HKLM:Run Adobe Reader Speed Launcher    Adobe Systems Incorporated        "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

No               HKLM:Run APSDaemon                  Apple Inc.  "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

No               HKLM:Run HotKeysCmds                Intel Corporation         C:\Windows\system32\hkcmd.exe

Yes              HKLM:Run HP Health Check Scheduler           Hewlett-Packard          c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

Yes              HKLM:Run HP Software Update    Hewlett-Packard          C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

Yes              HKLM:Run hpWirelessAssistant    Hewlett-Packard Development Company, L.P.                   C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

No               HKLM:Run IgfxTray      Intel Corporation         C:\Windows\system32\igfxtray.exe

No               HKLM:Run iTunesHelper                Apple Inc.  "C:\Program Files\iTunes\iTunesHelper.exe"

Yes              HKLM:Run MSC            Microsoft Corporation                    "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

No               HKLM:Run Persistence                   Intel Corporation         C:\Windows\system32\igfxpers.exe

Yes              HKLM:Run QlbCtrl.exe                    Hewlett-Packard Development Company, L.P.                  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

No               HKLM:Run QPService CyberLink Corp.           "C:\Program Files\HP\QuickPlay\QPService.exe"

No               HKLM:Run QuickTime Task            Apple Inc.  "C:\Program Files\QuickTime\QTTask.exe" -atboottime

Yes              HKLM:Run SDTray        Safer-Networking Ltd. "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"

No               HKLM:Run SunJavaUpdateSched  Oracle Corporation     "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Yes              HKLM:Run SynTPEnh   Synaptics, Inc.               C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

No               HKLM:Run UCam_Menu                 CyberLink Corp.           "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

No               HKLM:Run UpdateLBPShortCut     CyberLink Corp.           "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

No               HKLM:Run UpdateP2GoShortCut  CyberLink Corp.           "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

No               HKLM:Run UpdatePDIRShortCut   CyberLink Corp.           "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

No               HKLM:Run UpdatePSTShortCut     CyberLink Corp.           "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

Yes              HKLM:Run Windows Defender     Microsoft Corporation                    %ProgramFiles%\Windows Defender\MSASCui.exe -hide

No               HKLM:RunOnce           TotalRecipeSearch_14bar Uninstall                                     rundll32 C:\PROGRA~1\14UNIN~1.DLL,O -3 uninstalltype=IE

Yes              Startup User                  OneNote 2007 Screen Clipper and Launcher.lnk              Microsoft Corporation                    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
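A startup listing like the one in the post above can be sorted into "looks routine" and "worth a closer look" without changing anything on the machine. The following is an added example, not part of the original post: the `|`-delimited layout, the helper names and the three heuristics are assumptions chosen for illustration, and a flagged row is a prompt for review, not a verdict.

```python
import re

# Rows 1-4 are copied from the listing above and re-delimited with "|"
# (enabled|key|name|publisher|command); row 5 is constructed for illustration.
SAMPLE = [
    r'Yes|HKCU:Run|CCleaner|Piriform Ltd|"C:\Program Files\CCleaner\CCleaner.exe" /AUTO',
    r'No|HKLM:Run|HotKeysCmds|Intel Corporation|C:\Windows\system32\hkcmd.exe',
    r'Yes|HKLM:Run|Windows Defender|Microsoft Corporation|%ProgramFiles%\Windows Defender\MSASCui.exe -hide',
    r'No|HKLM:RunOnce|TotalRecipeSearch_14bar Uninstall||rundll32 C:\PROGRA~1\14UNIN~1.DLL,O -3 uninstalltype=IE',
    r'Yes|HKCU:Run|ExampleUpdater|Example Corp|C:\Users\owner\AppData\Local\Temp\upd.exe',
]

# Assumed heuristics: hosts that run someone else's code, and locations
# that normally need administrator rights to write to.
LAUNCHERS = {"rundll32", "regsvr32", "wscript", "cscript", "mshta"}
PROTECTED = (r"c:\program files", r"c:\windows", "%programfiles%")

def image_path(cmd):
    """Return the program a Run-key command starts, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable name.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def review(line):
    """Return (entry name, list of reasons the entry deserves a look)."""
    _enabled, _key, name, publisher, cmd = line.split("|")
    image = image_path(cmd)
    stem = re.sub(r"\.exe$", "", image.rsplit("\\", 1)[-1].lower())
    reasons = []
    if not publisher.strip():
        reasons.append("no publisher")
    if stem in LAUNCHERS:
        reasons.append("runs through " + stem)
    elif not image.lower().startswith(PROTECTED):
        reasons.append("outside Program Files/Windows")
    if re.search(r"~\d", cmd):
        reasons.append("8.3 short path")
    return name, reasons

def flagged(lines):
    """Map entry name to reasons, keeping only entries with at least one."""
    return {name: why for name, why in map(review, lines) if why}

if __name__ == "__main__":
    for name, why in flagged(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

Disabled ("No") rows are reviewed too, since a disabled entry still shows what was installed at some point.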



#2 Broni


    The Coolest BC Computer

  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:58 AM

Posted 06 June 2014 - 08:33 PM

Try to run MBAM from safe mode and see if you can run fixes there.

How to start Windows in Safe Mode



#3 Kevin.PDI


  • Members
  • 6 posts
  • Local time:01:58 AM

Posted 12 June 2014 - 01:55 PM

Try to run MBAM from safe mode and see if you can run fixes there.

How to start Windows in Safe Mode

Also could try Wise uninstaller to force remove items that aren't coming out and use their registry cleaner to fix any damages made to the registry. I tried it on a computer, it couldn't remove all but did remove most of the issues.

#4 Broni


    The Coolest BC Computer

  • BC Advisor
  • 42,738 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:58 AM

Posted 12 June 2014 - 02:04 PM

Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes.  If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
