Cannot Open Programs in Safe Mode ('Open With' virus).....


  • This topic is locked

#16
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

....I'm a little leery about dumping the Ukraine-based MP3 converter - is CNET aware of its origins and threat potential? Can you tell me anything about the 2 alternatives to which you allude - particularly, do they leave any footprints which Apple could detect were I to upload the files to iTunes for burning/listening?

They are aware it is from there but several products in the last 2 years have been found to be suspicious and even contain malware from the CNET site. We do not recommend using them for that reason.


Here are two alternates:

This one you install: youtube to MP3 converter

This one works online: http://www.vgrabber.com/

You need to remove the program now and if you want it on there instead of these after the cleaning process then that is your choice, however during the cleaning process it is causing disruption that must be removed to facilitate our cleaning process.



Also, one of the reasons I installed IObit Fighter is that it appears Malwarebytes is a strictly TRIAL version (?) although I do appreciate that it's a MUCH smaller program than IO.

It is smaller and more effective in our opinion, you can see that by checking any of the other people's topics in the malware removal area. This is not just an opinion by me.

After we run ComboFix I will be asking you to install a resident antivirus, you currently do not have one installed and that is part of the reason you have been infected. A resident antivirus and your windows firewall are the most important guards against infection that you can install on your computer. Your windows firewall is active so we will add an antivirus after completing the steps outlined in my previous post.


As for the ZoneAlarm toolbar (thought I'd uninstalled the actual program) how exactly do I get at and delete/remove it?

I found the toolbar in your list of installed programs.
Click Start >> Control Panel >> Add/remove programs
Click on ZoneAlarm Toolbar and then click uninstall....follow the prompts and restart if asked to.


Thanks again for your patience with me!

You are welcome :thumbsup:
  • 0


#17
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....deleted the MP3 Converter - more ironic still, both Norton and the other anti-viral company had logos up in the Uninstall window! VERY bizarre/surreal.....checked the Add/Remove window and NO sign of the ZoneAlarm toolbar anywhere.....is it possible it's an add-on of some sort? Do you still want me to run the new operations anyway once I've uninstalled IOBit Fighter?
  • 0

#18
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

Norton and the other anti-viral company had logos up in the Uninstall window! VERY bizarre/surreal.

I do not see them in your logs and I just double checked.
We will verify when we run Combofix.

NO sign of the ZoneAlarm toolbar anywhere.....is it possible it's an add-on of some sort?

Not critical, we will deal with it later. It is odd your uninstall list here does not match your computer on these. But we need to continue.

Do you still want me to run the new operations anyway once I've uninstalled IOBit Fighter?

Yes we need to run exehelper and combofix and I need both logs after they run. :thumbsup:
  • 0

#19
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Hi, CompCav - uninstalled both IOBit Fighter and SuperAntiSpyware; reactivated Malwarebytes as something seemed to have happened to it - ran exehelper and ComboFix, but NOT before deactivating background protection aspects of Malwarebytes. NOTE: received prompt for Service Pack 3 and attempted to download in between operations but couldn't do so for some reason.....here are both reports - and please let me know when I'll be able to reinstall SuperAntiSpyware; thanks:


exehelper:

exeHelper by Raktor
Build 20100414
Run at 19:19:09 on 06/14/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


ComboFix:


ComboFix 12-06-14.01 - User 06/14/2012 20:09:03.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.309 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\User\LOCALS~1\Temp\SASAA.tmp
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\hr
c:\documents and settings\All Users\Application Data\AMMYY\hr3
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
c:\documents and settings\User\Application Data\97861C
c:\documents and settings\User\GoToAssistDownloadHelper.exe
c:\documents and settings\User\Local Settings\temp\SASAA.tmp
c:\program files\Mozilla Maintenance Service
c:\program files\Mozilla Maintenance Service\maintenanceservice.exe
c:\program files\Mozilla Maintenance Service\Uninstall.exe
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MozillaMaintenance
-------\Service_MozillaMaintenance
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-14 00:27 . 2012-06-14 00:27 -------- dc----w- C:\_OTL
2012-06-02 05:28 . 2012-06-04 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-06-02 05:26 . 2012-06-04 19:35 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2012-06-02 05:17 . 2012-06-04 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-05-29 11:26 . 2012-06-04 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2012-05-29 09:19 . 2012-05-29 09:20 -------- d-----w- c:\documents and settings\User\Application Data\IObit
2012-05-29 09:18 . 2012-05-29 09:18 -------- d-----w- c:\program files\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-05-20 00:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-02 13:58 . 2012-02-24 03:41 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 07:56 15360 -c--a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MBAMService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/19/2011 8:25 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/19/2011 8:25 PM 22344]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [3/31/2003 8:00 AM 14336]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [3/31/2003 8:00 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPHLPSVC
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page =
uInternet Settings,ProxyOverride = <local>;*.local
Trusted Zone: streamwrhu.net\live
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2dx88my5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: extensions.zonealarm.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.zonealarm.autoRvrt - true
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN112918528683978-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=7897c3fd0000000000000030bd2b8e4d&q=
FF - user.js: extensions.zonealarm.id - 7897c3fd0000000000000030bd2b8e4d
FF - user.js: extensions.zonealarm.instlDay - 15468
FF - user.js: extensions.zonealarm.vrsn - 1.5.23.8
FF - user.js: extensions.zonealarm.vrsni - 1.5.23.8
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.5.23.83:14
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN112918528683978-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MozillaMaintenanceService - c:\program files\Mozilla Maintenance Service\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 20:41
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(168)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-06-14 20:48:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 00:48
.
Pre-Run: 2,496,724,992 bytes free
Post-Run: 2,627,158,016 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
.
- - End Of File - - B5298F1DE8A2DFF11B76377F9918F27F
  • 0
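An added example, not part of the original thread and not code from ComboFix or its author: a small Python parser for the log layout shown in the post above, pulling out the Windows Firewall exceptions and the Firefox `user.js` extension preferences, which is where the ZoneAlarm toolbar settings appear in this log. The function names are hypothetical and the format handling is inferred only from the log lines quoted here.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix log posted above, trimmed to a few lines per section.
SAMPLE_LOG = r"""
((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
------- Supplementary Scan -------
.
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: extensions.zonealarm.vrsn - 1.5.23.8
FF - user.js: extensions.zonealarm_i.newTab - false
FF - user.js: extensions.zonealarm.prdct - zonealarm
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
FF_RE = re.compile(r"^FF - (?P<file>\S+): (?P<pref>\S+) - (?P<value>.*)$")

def registry_values(log):
    """Map each [registry key] header (lower-cased) to the name/data pairs under it."""
    keys, current = defaultdict(dict), None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
        elif line.startswith(("(((", "---")):
            current = None  # a new report section ends the current key
        elif current and (v := VALUE_RE.match(line)):
            name = v.group("name").replace("\\\\", "\\")  # undo .reg-style escaping
            keys[current][name] = v.group("data").strip()
    return dict(keys)

def firewall_exceptions(log):
    """Return (authorized application paths, globally open ports) from firewallpolicy keys."""
    apps, ports = [], []
    for key, values in registry_values(log).items():
        if "firewallpolicy" not in key:
            continue
        if key.endswith(r"authorizedapplications\list"):
            apps.extend(values)
        elif key.endswith(r"globallyopenports\list"):
            ports.extend(values.values())
    return apps, ports

def firefox_extension_prefs(log):
    """Group 'FF - user.js' preferences by extension namespace (extensions.<name>.*)."""
    groups = defaultdict(dict)
    for raw in log.splitlines():
        m = FF_RE.match(raw.strip())
        if not m or m.group("file") != "user.js":
            continue
        parts = m.group("pref").split(".")
        if parts[0] == "extensions" and len(parts) >= 3:
            groups[parts[1]][".".join(parts[2:])] = m.group("value")
    return dict(groups)

if __name__ == "__main__":
    apps, ports = firewall_exceptions(SAMPLE_LOG)
    print("Firewall-authorized applications:", *apps, sep="\n  ")
    print("Globally open ports:", *ports, sep="\n  ")
    for ext, prefs in firefox_extension_prefs(SAMPLE_LOG).items():
        print(f"user.js extension '{ext}': {len(prefs)} preference(s)")
```
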

#20
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

here are both reports

Thank you :thumbsup:

and please let me know when I'll be able to reinstall SuperAntiSpyware; thanks:

Will do!!

How is the computer performing at this time?
  • 0

#21
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I think - aside from one site which wasn't a threat but nonetheless froze up indefinitely, again and again - probably NoScript AGAIN (is there anything I can do to desensitize its settings?) seems to have improved in terms of speed.....of course, I'll know that things are really better when I can do an antiviral in Safe Mode.....will wait to hear the next set of details and, thanks one more time, CC:) Jim
  • 0

#22
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Antivirus software is a necessity. This is your primary line of defense against the type of malware that has infected your computer. Each of the following products has real-time protection and scheduled scans. Please choose one, install it, update the antivirus database/definitions, and run a complete scan.

Grisoft's Avast free edition and Microsoft's Microsoft Security Essentials are among the best free antivirus/antispyware products.
*Please note* You should never install more than one anti-virus program on a PC because it will cause conflicts.


Step 2.

Please report any items found in the scan and give me an update on the performance of the computer.


Step 3.

PLEASE DO THIS LATER (report back step 2 first)

probably NoScript AGAIN (is there anything I can do to desensitize its settings?)

Yes go to Tools >> Addons and click Options for Noscript
You can whitelist some sites on the second tab

or

You can permanently or temporarily allow items at a specific site by checking the NoScript menu for that site. Just click options in the lower right and it will give you choices for a specific site.
  • 0

#23
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
I'm a bit confused - you said I was OK to keep Malwarebytes as the background and SuperAntiSpyware as the primary antiviral (and it's done its job very well, better than anything I've ever used). Furthermore, I'm not sure exactly what sort of Avast! product or generic shareware you're recommending - all I know is over time, the desktop resources for it grew to be ENORMOUS.....not sure what constitutes a 'resident' antiviral but I'm not thrilled at the prospect of installing any MS-related programs to that end - this is a secondhand PC and NOT registered (of course, XP is probably going to be rendered obsolete before long, the way they conduct themselves - and I CAN'T upgrade to 7 with the limited resources I have - as you know, my C drive is at present 18 GBs, with not a lot of room left over.....E drive is mostly for media and primarily MP3 files, also getting close to being full and with no way of increasing the capacity of either).....so, I want to keep the 2 antivirals I've already got (one of which you yourself advised me to retain in lieu of IOBit Fighter) and it's my belief that as SuperAntiSpyware ISN'T active unless I'm doing a scan, the threat level can't be that high in terms of the 2 conflicting with each other.....
  • 0

#24
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
Neither IOBit's tool, superantispyware, or malwarebytes' are resident antivirus products. They are antispyware and antimalware. You need a resident antivirus to be safe.

A normal setup is this:

Windows Firewall
One resident antivirus
One or two antimalware products with only one resident.


You had multiple antispyware/antimalware products and as such a hole in your security protection.

this is a secondhand PC and NOT registered

What do you mean by not registered?
  • 0

#25
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
Tried accessing the Avast! link you provided and it was dead - generic host site - also, can you tell how many MBs it is? As I've said, extremely disinclined to download the MS resident antiviral for reasons cited above.....one OTHER problem (again, likely related somehow to NoScript - and I HAVE allowed every site relative to them): I can't download or save ANYTHING at present (including SuperAntiSpyware, just to have it at the ready should there be a problem downloading it later) - as this WASN'T an issue previous to my working with you, definitely want this situation rectified.....thanks again for your patience with me!

Edited by ogam5, 14 June 2012 - 11:21 PM.

  • 0


#26
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
What do you mean by not registered?

Try Avast link again and disable NoScript if it does not work because the link is good now.
  • 0

#27
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
.....CPUs bought secondhand (as was mine - it's over a decade old, I believe - my financial resources have been meager for years now with the economy as it is) have MS operating systems whose registries have usually expired, and I'm in NO position to even remotely consider paying for a renewed one, nor do I feel the least bit obligated given their ridiculous level of annual revenue - suspect that their expectation of it was tempered by the government's entirely justifiable anti-trust lawsuit against them.....I'll admit: I'm NO fan of MS at all, but for most of us they're the only game in town; I haven't worked nearly enough with Macs (nor am I big fan of Apple either) and Linux is wayyyyyy beyond my capabilities or expertise, I further suspect - admittedly, DON'T know a lot about these matters.....) Can we figure out why I'm suddenly having SUCH a problem with downloading/saving and, again, what's the size of this Avast! program of which you spoke? Honestly, I'd like to deactivate NoScript entirely, what with Malwarebytes acting as my background filter (and most of the time, very well.....) My capacity is, as I said, severely limited so I HAVE to be sensitive to that.....thanks again, CC!
  • 0

#28
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts

MS operating systems whose registries have usually expired,

I do not understand. Do you have a legitimate copy of Windows or not?
  • 0

#29
ogam5

ogam5

    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts
'Legitimate'? Not sure what you mean by that - wouldn't be having this correspondence with you if it wasn't, couldn't operate my computer otherwise, right?
  • 0

#30
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
What do you mean by registry renewals then?
  • 0





