Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple processes running and crashing laptop...need fixlist.txt


  • This topic is locked This topic is locked
8 replies to this topic

#1 hubbaral

hubbaral

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 25 October 2014 - 05:42 PM

A friend made me a fixlist file but I don't think it was complete. Can you help me? I'm including the scan logs in this message as attachments. Thank you,

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:52 PM

Posted 30 October 2014 - 09:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKU\S-1-5-21-1524531141-3326224193-2027690889-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Familia Hubbard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {A7374DF4-C637-4E46-9B77-803721306816} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {E4F22623-FA47-4AAA-852E-80F11DC9416A} - System32\Tasks\{5AEE8BD6-4548-5DCF-03F5-95AAD6DD268E} => C:\Users\Familia Hubbard\AppData\Roaming\edwitwu.dll/s "C:\Users\Familia Hubbard\AppData\Roaming\edwitwu.dll" <==== ATTENTION
Task: {FEA47F9E-22B2-445C-B087-4FFC3C6F1DEC} - System32\Tasks\4790 => Wscript.exe C:\Users\FAMILI~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running?
Wait for further instructions.

#3 hubbaral

hubbaral
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 01 November 2014 - 07:42 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014
Ran by Familia Hubbard at 2014-11-01 19:25:49 Run:2
Running from C:\Users\Familia Hubbard\Desktop
Loaded Profile: Familia Hubbard (Available profiles: Familia Hubbard)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKU\S-1-5-21-1524531141-3326224193-2027690889-1001\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch
CHR StartupUrls: Default -> "hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ch"
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Familia Hubbard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {A7374DF4-C637-4E46-9B77-803721306816} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {E4F22623-FA47-4AAA-852E-80F11DC9416A} - System32\Tasks\{5AEE8BD6-4548-5DCF-03F5-95AAD6DD268E} => C:\Users\Familia Hubbard\AppData\Roaming\edwitwu.dll/s "C:\Users\Familia Hubbard\AppData\Roaming\edwitwu.dll" <==== ATTENTION
Task: {FEA47F9E-22B2-445C-B087-4FFC3C6F1DEC} - System32\Tasks\4790 => Wscript.exe C:\Users\FAMILI~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
 
End
*****************
 
"HKU\S-1-5-21-1524531141-3326224193-2027690889-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Error deleting key. The key could be protected.
"HKU\S-1-5-21-1524531141-3326224193-2027690889-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Error deleting key. The key could be protected.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully.
"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll not found.
C:\Users\Familia Hubbard\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll not found.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll not found.
C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Windows\system32\Adobe\Director\np32dsw.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
catchme => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7374DF4-C637-4E46-9B77-803721306816}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7374DF4-C637-4E46-9B77-803721306816}" => Error deleting key. The key could be protected.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4F22623-FA47-4AAA-852E-80F11DC9416A}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4F22623-FA47-4AAA-852E-80F11DC9416A}" => Error deleting key. The key could be protected.
C:\Windows\System32\Tasks\{5AEE8BD6-4548-5DCF-03F5-95AAD6DD268E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5AEE8BD6-4548-5DCF-03F5-95AAD6DD268E}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEA47F9E-22B2-445C-B087-4FFC3C6F1DEC}" => Error deleting key. The key could be protected.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEA47F9E-22B2-445C-B087-4FFC3C6F1DEC}" => Error deleting key. The key could be protected.
C:\Windows\System32\Tasks\4790 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4790" => Error deleting key. The key could be protected.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
 
==== End of Fixlog ====


#4 hubbaral

hubbaral
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 01 November 2014 - 07:44 PM

I think that did the trick.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:52 PM

Posted 02 November 2014 - 08:14 AM

One last scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#6 hubbaral

hubbaral
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 02 November 2014 - 01:04 PM

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Java 2 Runtime Environment, SE v1.4.2 
 Java 2 Runtime Environment, SE v1.4.2_03 
 Adobe Reader 9 Adobe Reader out of Date! 
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 4% 
````````````````````End of Log`````````````````````` 


#7 hubbaral

hubbaral
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 02 November 2014 - 01:07 PM

It looks like it's running fine. Thanks!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:52 PM

Posted 03 November 2014 - 09:09 AM

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

Delete these old versions of Java using the Add/Remove program.
Java 2 Runtime Environment, SE v1.4.2

Java 2 Runtime Environment, SE v1.4.2_03


===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:52 PM

Posted 09 November 2014 - 11:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users