Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Random Program opens and closes in time frame of one second. [Closed]


  • This topic is locked This topic is locked

#16
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3

Is it your Skype name or real name that has changed?


Step 4

Do you know the name of the program that pops up?


Things I want to see in your next reply

  • MBAM Log
  • log.txt
  • Answers to my questions

  • 0

Advertisements


#17
sinfieldl

sinfieldl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2074c7494edea84c91d96b0e07c13e84
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 06:34:56
# local_time=2012-04-15 07:34:56 (+0100, Namibia Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 101875 86141271 0 0
# compatibility_mode=8192 67108863 100 0 362 362 0 0
# scanned=175371
# found=0
# cleaned=0
# scan_time=7075


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lewis :: LEWIS-PC [administrator]

Protection: Enabled

15/04/2012 17:24:07
mbam-log-2012-04-15 (17-24-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218238
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Q1) My skype name has changed. I see it as it should be, but who ever i'm talknig too sees my skype name as 'jay'.

Q2) I have no idea about the program, it too quick for me to even recognise the symbol.
  • 0

#18
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Click on the Account tab.
  • Logon using the your Skype name.
  • Click on the Profile Details tab.
  • Where it says Your Name click the Edit button and enter what you want others to know you as on Skype.

Step 2

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    Do you want to skip supplementary searches?
    Click NO.
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!).
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
Note: If you receive any warning message about scripts, please choose to allow the script to run.


Things I want to see in your next reply

  • Silent Runners Log

  • 0

#19
sinfieldl

sinfieldl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
"Silent Runners.vbs", revision 64beta2, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]
msnmsgr = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
Apoint = C:\Program Files\DellTPad\Apoint.exe [Alps Electric Co., Ltd.]
SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe
Broadcom Wireless Manager UI = C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [Dell Inc.]
IAAnotif = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [Intel Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
StartCCC = "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
LogitechQuickCamRibbon = "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [Logitech Inc.]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
Malwarebytes' Anti-Malware = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [Malwarebytes Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided)
-> {HKLM…CLSID} = avast! WebRep
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM…CLSID} = Google Toolbar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…CLSID} = Java™ Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = avast! WebRep
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live Messenger Companion Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [MS]

{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Google Toolbar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
-> {HKLM…Wow…CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Bing Bar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [Microsoft Corporation.]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Java™ Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Sun Microsystems, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM…CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
-> {HKLM…CLSID} = DisplayCplExt Class
\InProcServer32\(Default) = c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
-> {HKLM…CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = ShellViewRTF
-> {HKLM…CLSID} = ShellViewRTF
\InProcServer32\(Default) = C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\PROTECTRP\Shellvrtf64.dll [XSS]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM…CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice.org Property Handler
-> {HKLM…CLSID} = OpenOffice.org Property Handler
\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll [OpenOffice.org]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM…CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM…Wow…CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

{AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice.org Property Handler
-> {HKLM…Wow…CLSID} = OpenOffice.org Property Handler
\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll [OpenOffice.org]

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
-> {HKLM…Wow…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
-> {HKLM…Wow…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
-> {HKLM…Wow…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
-> {HKLM…Wow…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll [OpenOffice.org]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
-> {HKLM…CLSID} = WLIDCredentialProvider
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM…CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM…CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU…CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Lewis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM…CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll [OpenOffice.org]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM…CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = ComFile


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Lewis\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" %1 /cd [MPC-HC Team]

MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" %1 /dvd [MPC-HC Team]

MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" %1 [MPC-HC Team]

MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe" %1 [MPC-HC Team]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
  • 0

#20
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Has your Skype name been fixed?
Did you install any new programs/software around the time the random program started popping up?
  • 0

#21
sinfieldl

sinfieldl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Skype name is still Jay. The problem started about 2 days after i restored the system back by 5 days.
  • 0

#22
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Did you install any new programs/software around this period?
  • 0

#23
sinfieldl

sinfieldl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
No new programs/software installed. Only thing that happened was that i moved back to the UK and uninstalled 'MTN Online' (South African internet provider) and just connected to my UK home broadband provider.
  • 0

#24
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
It looks like there are still traces of MTN Online on your computer which I will remove with OTL.


Step 1

The only thing I could suggest about Skype is to create a new account and re-add all of your contacts.


Step 2

Please uninstall the following program via Control Panel > Uninstall a Program (if present):

  • MTN Online


Step 3

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.

Posted Image


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    SRV - [2012/01/27 13:29:07 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\MTN Online\UpdateDog\ouc.exe -- (MTN Online. RunOuc)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DE43533-B76F-4C83-864F-7D88E8E1A02B}: NameServer = 209.212.96.1 209.212.97.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71C3509D-6425-4F1A-B0C2-EA8C77BBDD42}: NameServer = 209.212.96.1 209.212.97.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD2E4A1C-2F3F-49AF-98A0-9CB501845517}: NameServer = 209.212.96.1 209.212.97.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8D406BF-0672-4BBB-A39D-B651AD30E1C1}: NameServer = 209.212.96.1 209.212.97.1
    
    :Files
    C:\Program Files (x86)\MTN Online
    ipconfig /flushdns /c
    
    :Commands 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 4

After the OTL fix, has the program stopped popping up?


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • Answer to my question

  • 0

#25
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP