Confirmed Yontoo and Possible Other Infection [Solved]



#31 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
O.K. I am looking into this for you. Carry on with the ESET scan for now and let's see what that reveals :thumbsup:

#32 velarie2112 (Topic Starter, Member, 106 posts)
Roger that. Already in progress.

#33 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
Hello and there you are!

The product key FixIt was asking you for is the uninstall code for the program you want to uninstall. We do not have that, but there are other methods we can use. I will deal with this once the ESET results are back.

Thanks again Velarie :)

#34 velarie2112 (Topic Starter, Member, 106 posts)
Laptop is running much faster now. Especially when browsing the net. Last ESET scan log below:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8e766f2580b31e4aa2b405854b9cfa55
# engine=14155
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-06-25 08:49:38
# local_time=2013-06-25 03:49:38 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 85 91 0 147985250 0 0
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=5892 16776574 100 95 131815570 208800906 0 0
# scanned=92112
# found=0
# cleaned=0
# scan_time=3171

#35 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
This is great news :)

I am currently preparing my next post. I will deal with those pesky Icons :)

#36 velarie2112 (Topic Starter, Member, 106 posts)
So it is running much faster when I'm working on it, but I tried a reboot and it is still taking a ridiculous amount of time to shut down. I know it's old and I know it's Vista, but I thought it had enough RAM to run relatively quickly, especially since there really isn't much software installed on it. It still seems that it takes too long to shut down.

#37 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
You do indeed have plenty of RAM for running Vista. The usual suspect for a long shutdown is a program not wanting to quit which causes a hang. The fact that it is eventually shutting down is good. We need to find the culprit.

In the next post I will be addressing the Yahoo and Maps icons as well as performing some crucial updates. This takes care of the Malware.
I will then look at the shutdown issue; this will have to be a trial-and-error fix until we find the culprit. Was this problem evident before we tried uninstalling Yahoo?

#38 velarie2112 (Topic Starter, Member, 106 posts)
Yes, the problem was apparent even before I installed 7zip (which is when Yontoo first appeared). Problems with the shutdown were what first alerted me that there was something wrong with the laptop.

#39 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
Great, I can rule the uninstaller out. This will hopefully be simple to resolve after the cleaning process :)

I hope to get my next post passed tonight, but it's getting late, so my instructor may not be online tonight. Thanks for your patience and for sticking with me so far; this is really appreciated :thumbsup:

Speak soon.

#40 velarie2112 (Topic Starter, Member, 106 posts)
I really appreciate your help. I'll be available tomorrow to knock this out. Thanks. ;)

#41 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
Hi Velarie :)

We will deal with those icons, update some programs and get an OTL scan.


1. OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! Companion"=-
"MapsGalaxy_39bar Uninstall"=-

:COMMANDS
[REBOOT]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste Fix Log into your next reply.


2. UPDATE ADOBE
Adobe is bundled with Chrome, Google Toolbar and/or McAfee Security Scan. Uncheck the boxes before downloading Adobe Reader.

3. ENSURE AUTOMATIC UPDATES ARE ENABLED
All security updates released by Microsoft must be Automatically Installed.
  • Click Start and in the search box type windows update and press ENTER.
  • Click Change Settings and make sure the Install updates automatically (recommended) option is selected, if not select it and click O.K to save settings.

4. Do You Need Java? Please read:
  • Java is one of the most exploited pieces of software at this time, and the majority of home users can do without it. Installing the latest updates is also important.
  • The easiest way to find out if Java is needed is to disable Java in your web browser (see link below).
  • If a trusted program or webpage asks for Java then enable it; otherwise uninstall it completely using JavaRa.

    Update or Remove Java

  • Use this link to download JavaRa
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Follow the next steps only if you want to install the latest version
  • When it's finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

5. OTL Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file. OTL.txt
  • Post it in your next reply


Things I want to see in your next post.
  • OTL fix.txt
  • OTL.txt
  • Icons still there? :blink:


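The steps in post #41 are done by hand through OTL, the Java Control Panel and the Windows Update dialog. The following PowerShell script is an added example (not from the thread, not an OTL or Geeks to Go tool) that audits the same three things read-only, so the result can be checked before and after. It is written for PowerShell 2.0, the newest version Vista runs, hence `New-Object PSObject` instead of `[pscustomobject]`. The registry paths, the Java `deployment.properties` location and the `Microsoft.Update.AutoUpdate` COM object are real Windows interfaces; the regular expression that pulls the executable out of an `UninstallString` is this example's own simplification. One caveat worth stating plainly: each Add/Remove Programs entry is a subkey of `...\Uninstall`, and in .reg/OTL syntax `"Name"=-` deletes a value called Name while `[-HKLM\...\Uninstall\Name]` deletes the key, which is why the first OTL fix in this thread logged "not found" and the second one uses the key form.

```powershell
# Added example, not part of the thread: a read-only audit of the three things
# post #41 has the user change by hand. Written for PowerShell 2.0 (Vista) and
# later, so no [pscustomobject] or ConvertFrom-Json. Run from an elevated prompt.

# 1. Orphaned Add/Remove Programs entries.
# Each entry is a SUBKEY of ...\Uninstall. In .reg/OTL syntax "Name"=- deletes a
# VALUE called Name (why the first fix logged "not found"), while
# [-HKLM\...\Uninstall\Name] deletes the key itself.
function Get-OrphanedUninstallEntry {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            if (-not $p.UninstallString) { continue }
            # UninstallString is a command line; pull the executable out of it.
            # Simplified parser (this example's assumption): unquoted paths that
            # contain spaces are not recognised and are skipped.
            $exe = $null
            if ($p.UninstallString -match '^"([^"]+)"') { $exe = $Matches[1] }
            elseif ($p.UninstallString -match '^(\S+\.exe)') { $exe = $Matches[1] }
            # MSI entries run msiexec, which is always present; nothing to check.
            if (-not $exe -or $exe -match 'msiexec') { continue }
            if (-not (Test-Path -LiteralPath $exe)) {
                New-Object PSObject -Property @{
                    Key             = $key.PSPath
                    DisplayName     = $p.DisplayName
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

# Deletes what the function above reports. Supports -WhatIf / -Confirm.
function Remove-OrphanedUninstallEntry {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($e in Get-OrphanedUninstallEntry) {
        if ($PSCmdlet.ShouldProcess($e.Key, "Remove orphaned Uninstall entry '$($e.DisplayName)'")) {
            Remove-Item -LiteralPath $e.Key -Recurse
        }
    }
}

# 2. The Java Control Panel's "Enable Java content in the browser" checkbox
# (Java 7u10 and later) writes deployment.webjava.enabled=false to the
# per-user deployment.properties file.
function Get-JavaBrowserState {
    $props = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
    if (-not (Test-Path -LiteralPath $props)) {
        return 'Java: no deployment.properties for this user (not installed or never configured)'
    }
    $hit = Select-String -Path $props -Pattern '^deployment\.webjava\.enabled=' | Select-Object -First 1
    if ($hit -and $hit.Line -match '=false\s*$') { 'Java in browsers: disabled' }
    else { 'Java in browsers: ENABLED (the default)' }
}

# 3. Automatic Updates level through the Windows Update Agent COM API.
# NotificationLevel 4 is "Install updates automatically"; 1 is "never check".
function Get-AutoUpdateLevel {
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    $names = @{ 0 = 'not configured'; 1 = 'disabled'; 2 = 'notify before download';
                3 = 'notify before install'; 4 = 'install automatically' }
    $level = [int]$au.Settings.NotificationLevel
    New-Object PSObject -Property @{
        NotificationLevel = $level
        Meaning           = $names[$level]
        ReadOnly          = $au.Settings.ReadOnly   # true when Group Policy owns the setting
    }
}

Write-Host '== Uninstall entries whose uninstaller is missing =='
Get-OrphanedUninstallEntry | Format-Table DisplayName, UninstallString -AutoSize
Write-Host '== Java =='
Get-JavaBrowserState
Write-Host '== Windows Update =='
Get-AutoUpdateLevel | Format-List
# Once the list has been reviewed:  Remove-OrphanedUninstallEntry -WhatIf
# and then the same command without -WhatIf.
```

Run it once before the OTL fix and once after; the first section should lose the orphaned entries and nothing else, and the Windows Update section should report level 4 with `ReadOnly` false. An entry whose uninstaller is missing is not itself malware, but it is exactly the kind of leftover that FixIt could not handle because it needs the product's own uninstall code, so removing the key directly is the remaining option.
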
#42 velarie2112 (Topic Starter, Member, 106 posts)
1. Ran OTL Fix, log below.

2. The Adobe site only seems to want me to update to version 10, maybe since I'm running vista. I went to Adobe's site to download XI, and it gave me X instead?!? I cancelled the install since I'm already updated to that version and started over from the beginning and it gave me version X again.

3. Adjusted settings for Windows Update and installed two critical updates.

4. I'm aware of the security issues with Java and have it disabled on my other computers, but I share this computer with another person, so I don't want to completely remove Java just yet. If I ask him if he needs Java, he'll look at me like I'm from the moon. So I figure I'll just turn it off and see if he complains about anything not working, lol. Since the laptop has Java 7 Update 17, I went to Control Panel/Java Control Panel and disabled Java content in all browsers. If I determine that he can live without it, I'll remove the application at a later date. Thanks for the link for JavaRa.

5. Ran OTL Scan, log below.

6. Prior to running the last OTL fix both programs still showed in Programs and Features, and Yahoo still had its logo. Now both of them still show in Programs and Features and neither of them has a logo.

The performance while working on it and using the internet is about what I expect it to be now, but it is still hanging up on shutdown, not nearly as bad as before, but hanging.

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Yahoo! Companion not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\MapsGalaxy_39bar Uninstall not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 06262013_100120

OTL logfile created on: 6/26/2013 10:41:25 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop\Tech Support - Do Not Delete\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.41% Memory free
6.15 Gb Paging File | 5.25 Gb Available in Paging File | 85.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.91 Gb Total Space | 61.60 Gb Free Space | 59.28% Space Free | Partition Type: NTFS
Drive D: | 30.39 Gb Total Space | 28.79 Gb Free Space | 94.73% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\owner\Desktop\Tech Support - Do Not Delete\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe (Conexant)
PRC - C:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
PRC - C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Lenovo\EnergyCut\KbdHook.dll ()
MOD - C:\Program Files\Lenovo\EnergyCut\HookLib.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2142395129-4270672330-3082907655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2142395129-4270672330-3082907655-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2142395129-4270672330-3082907655-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2142395129-4270672330-3082907655-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2142395129-4270672330-3082907655-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/06/19 12:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.genieo...0415,19432,11,0,
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Gmail = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EnergyCut] C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EF73823-93E2-4E85-BFBE-B9431F31210E}: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/25 14:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/06/25 14:04:41 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\ElevatedDiagnostics
[2013/06/21 08:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/21 08:14:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/21 08:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/19 12:21:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/19 12:05:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/19 12:04:44 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/08 09:16:03 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2013/06/08 09:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner
[2013/06/08 09:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner

========== Files - Modified Within 30 Days ==========

[2013/06/26 10:33:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/26 10:30:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/26 10:25:12 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/26 10:25:12 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/26 10:12:46 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/26 10:05:49 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 10:05:48 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/26 10:05:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/26 10:05:39 | 3179,872,256 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/24 20:15:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/21 08:39:31 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/17 13:42:52 | 234,505,902 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/07 23:28:24 | 000,086,888 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2013/06/07 23:28:16 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2013/06/07 23:28:16 | 000,031,560 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll

========== Files Created - No Company Name ==========

[2013/06/17 13:42:52 | 234,505,902 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/04/02 13:04:41 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/02 13:04:40 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/10/25 18:47:26 | 005,720,017 | ---- | C] () -- C:\Users\owner\streetguide.pdf
[2011/08/15 15:19:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/15 14:11:33 | 000,005,632 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/15 14:01:05 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/30 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/01/30 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/01/30 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\LogMeInRemoteUser\AppData\Roaming\TuneUp Software
[2011/10/07 04:49:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Auslogics

< End of report >

#43 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
Hello Velarie. Sorry I thought I'd posted this earlier. My posting has been acting up today.

Adobe 10 is indeed the correct version for Vista, as 11 is for Windows 7. This was a mistake by me, a test for you, and you passed. Well done. :thumbsup:

Genieo has reappeared in Chrome :) I think it is the actual shortcut that is the problem here. We will do what we did earlier plus some added instructions.

1. OPEN CHROME BROWSER
  • In the Chrome Search Bar Copy and Paste the following: chrome://settings/ and press Enter
  • Under On Start-Up check the box Open a specific page or set of pages and click the link Set Pages
  • In the StartUp pages box hover the mouse over Search Genieo to highlight, now click the x to remove.
  • Copy and Paste the following into the Add a new page box: www.google.com and click O.K and close Chrome
  • Now delete all Chrome shortcuts from: Desktop, Taskbar, Start Menu and All Programs.
  • Navigate to the following location C:\Program Files\Google\Chrome\Application right click the Chrome Icon and send to Desktop.

I will try the uninstall fix again using a different tack

2. OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

:REG
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall]

:COMMANDS
[REBOOT]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste Fix Log into your next reply.

Things I want to see in your next post.
  • OTL fix.txt
  • Are the icons removed?
  • Are you shutting down the computer remotely? I thought that this may cause a hang. If not we will soldier on with this soon :)


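Post #43 suspects the Chrome shortcut rather than Chrome's settings, and the OTL log above shows why that distinction matters: the homepage line still reads search.genieo after the user changed the start page. A shortcut whose Arguments field carries a URL makes chrome.exe open that URL on every launch regardless of what Preferences says, so deleting and recreating the shortcuts is the right move. The script below is an added example (not from the thread, not an OTL feature) that reads both places so the source of the start page can be seen instead of guessed. It is written for PowerShell 2.0, which is why it parses the Preferences file with .NET's `JavaScriptSerializer` rather than `ConvertFrom-Json`; the shortcut folders it searches and the Chrome 27 preference key names (`session.startup_urls`, `default_search_provider.search_url`, with the later names tried as a fallback) are this example's assumptions. Nothing is modified.

```powershell
# Added example, not part of the thread: find where a Chrome start page such as
# search.genieo is being set. Two places a hijack survives a change made in
# chrome://settings:
#   (a) a shortcut's Arguments field: chrome.exe "http://..." opens that URL at
#       every launch regardless of Preferences, which is why post #43 deletes
#       and recreates every Chrome shortcut;
#   (b) the profile's Preferences file (homepage, startup URLs, default search).
# Read-only; written for PowerShell 2.0 (Vista) and later. Preference key names
# are those of Chrome 27 (the version in the OTL log); later versions renamed some.

# (a) Every .lnk pointing at chrome.exe, with whatever arguments it carries.
function Get-ChromeShortcut {
    $dirs = @(
        (Join-Path $env:USERPROFILE 'Desktop'),
        (Join-Path $env:PUBLIC 'Desktop'),
        (Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu'),
        (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')  # Quick Launch and pinned taskbar items
    )
    $wsh = New-Object -ComObject WScript.Shell
    foreach ($d in $dirs) {
        if (-not (Test-Path -LiteralPath $d)) { continue }
        foreach ($lnk in Get-ChildItem -Path $d -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
            $sc = $wsh.CreateShortcut($lnk.FullName)
            if ($sc.TargetPath -notmatch 'chrome\.exe$') { continue }
            New-Object PSObject -Property @{
                Shortcut   = $lnk.FullName
                Arguments  = $sc.Arguments
                # A normal Chrome shortcut has no arguments at all; a URL here is the hijack.
                Suspicious = [bool]($sc.Arguments -match 'https?://|www\.')
            }
        }
    }
}

# Walk a nested key path through what JavaScriptSerializer returns
# (Dictionary[string,object] for objects, object[] for arrays).
function Get-Pref($obj, [string[]]$path) {
    foreach ($k in $path) {
        if ($obj -is [System.Collections.IDictionary] -and $obj.ContainsKey($k)) { $obj = $obj[$k] }
        else { return $null }
    }
    return $obj
}

# (b) Start-up, home page and search settings from the Default profile.
function Get-ChromeStartupSettings {
    param([string]$Profile = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default'))
    $prefFile = Join-Path $Profile 'Preferences'
    if (-not (Test-Path -LiteralPath $prefFile)) { return $null }
    Add-Type -AssemblyName System.Web.Extensions        # .NET 3.5 JSON parser, works on PS 2.0
    $ser = New-Object System.Web.Script.Serialization.JavaScriptSerializer
    $ser.MaxJsonLength = [int]::MaxValue
    $prefs = $ser.DeserializeObject([IO.File]::ReadAllText($prefFile))

    $urls = Get-Pref $prefs @('session', 'startup_urls')                                   # Chrome 27 name
    if (-not $urls) { $urls = Get-Pref $prefs @('session', 'urls_to_restore_on_startup') }  # later name
    $search = Get-Pref $prefs @('default_search_provider', 'search_url')                    # Chrome 27 name
    if (-not $search) { $search = Get-Pref $prefs @('default_search_provider_data', 'template_url_data', 'url') }

    New-Object PSObject -Property @{
        Homepage         = (Get-Pref $prefs @('homepage'))
        RestoreOnStartup = (Get-Pref $prefs @('session', 'restore_on_startup'))  # 4 = "open a specific page or set of pages"
        StartupUrls      = (@($urls) -join '; ')
        SearchUrl        = $search
    }
}

Write-Host '== Chrome shortcuts =='
Get-ChromeShortcut | Format-Table Suspicious, Shortcut, Arguments -AutoSize
Write-Host '== Chrome Preferences (Default profile) =='
Get-ChromeStartupSettings | Format-List
```

Close Chrome before running it so the Preferences file is current. If a shortcut shows `Suspicious = True`, the URL in its Arguments field is what keeps coming back, and recreating the shortcut from C:\Program Files\Google\Chrome\Application (as post #43 says) removes it; if the shortcuts are clean and the URL only appears under StartupUrls or Homepage, the chrome://settings change alone is enough.
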
#44 velarie2112 (Topic Starter, Member, 106 posts)
Working on this now and will update the thread shortly. Sorry it took so long to get back to it.

#45 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
No problem at all Velarie, thanks for updating me :thumbsup:





