Hijacked and multiple viruses
#16
Posted 04 August 2014 - 04:11 PM
I'll get a fix ready for you. No need for any scans....
#17
Posted 04 August 2014 - 04:59 PM
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcmax\service.exe
ProxyServer: http=127.0.0.1:49191;https=127.0.0.1:49191
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {1D22DD03-5172-4D2B-B4F7-0F1FDCE22664} - \Digital Sites No Task File <==== ATTENTION
Task: {4865492C-B6BE-4B83-A652-182E3C7B86BD} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {85ABA8F4-931A-49D5-8A0D-B27DD9EC330B} - \ViewPassword_wd No Task File <==== ATTENTION
Task: {A0BB6197-2190-403E-B3AB-A2E6E5E3CC01} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {AEB9464B-78FB-420B-B230-706337A99081} - \PC Speed Maximizer Schedule No Task File <==== ATTENTION
Task: {C9F5DE95-7C4F-487C-B27E-7924C388FE9D} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {E919F5BE-B6E2-48D9-BE92-C8A090AE0DF3} - \FF Watcher {B0C7D911-4C15-4E0F-939A-8BE8966A261C} No Task File <==== ATTENTION
C:\Program Files\PC-Doctor\pcdrcui.exe
C:\Program Files\PC-Doctor\pcdrrealtime.p5x
C:\Program Files\PC-Doctor\pcdrharddrive.p5x
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\MountPoints2: {293cdfa6-483f-11e1-be9d-c89cdc393415} - D:\LaunchU3.exe -a
HKU\S-1-5-21-144739551-2177794648-3174304158-1000\...\MountPoints2: {a991886c-b214-11e0-895b-806e6f6e6963} - Q:\LenovoQDrive.exe
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
Task: {C33703B7-52BF-4102-8BB3-F4A4F160B769} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
C:\Program Files\PC-Doctor\libAsapiCSharp.dll
C:\Program Files\PC-Doctor\libCSharpCommonCS.dll
C:\Program Files\PC-Doctor\libGapiCSharp.dll
C:\Program Files\PC-Doctor\libDataStoreCSharp.dll
C:\Program Files\PC-Doctor\libTonopahClientCSharp.dll
C:\Program Files\PC-Doctor\pcdcsharpcommon.dll
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
#18
Posted 04 August 2014 - 06:19 PM
Okkeedokee here is the log.
#19
Posted 04 August 2014 - 06:25 PM
Just to update you on how the computer is running-every time I click on a link a new tab opens to an "opensoftwareupdater" page.
Is that still happening above in Chrome or any browser?
#20
Posted 04 August 2014 - 09:00 PM
Actually yes, it does still keep happening in IE and Chrome. I did reboot as well. On the web page, cnn.com, for example, there is a contentexplorerx section on both IE and Chrome. It has headings like smartphones, business news etc.
#22
Posted 05 August 2014 - 03:09 PM
I just reset Chrome per your instructions, but no luck.
#23
Posted 05 August 2014 - 03:27 PM
* Download Shortcutcleaner to your desktop.
* Right click on sc-cleaner.exe and choose Run as administrator. Windows XP users can just double-click on sc-cleaner.exe to start the program.
* The tool will scan all the windows shortcuts that belong to your installed browsers.
* If the tool detects hijacked shortcuts, it will automatically clean them.
* When the tool is ready, it will save a log file on your desktop, this file contains the information of the scanned and repaired shortcuts.
Could you post that log?
Joe
#24
Posted 05 August 2014 - 04:02 PM
Here is the log
#25
Posted 05 August 2014 - 05:53 PM
Please remove this program from your Programs and Features list. It's an adware-producing program that I missed.
1-SmartMediaConverter<-----Remove me
Reboot the computer.
Then
Run an online scan called ESET. This scan could take a long time, so be prepared!
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
- Please go >>HERE<< then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the icon to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. - Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
- When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
- Copy and paste that log as a reply to this topic.
- Now click on:
(Selecting Uninstall application on close if you so wish)
Joe
#26
Posted 07 August 2014 - 12:32 PM
No worries, thanks for the help. BTW I found content explorer on the programs list too and uninstalled it. Solved the problem of it being on the browser.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cefb319d41b1fd418be690e9ba3ac4ec
# engine=19548
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-07 06:02:18
# local_time=2014-08-07 02:02:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 9896022 100658148 0 0
# scanned=175402
# found=9
# cleaned=0
# scan_time=7351
sh=5401AF79ABD9AA85CC8B27099A9AF412F852AF33 ft=1 fh=c71c0011d00751e1 vn="a variant of Win32/AdWare.AddLyrics.BH application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\-ViewPassword-soft\174.dll.vir"
sh=687B4946BC5E5810A1285AF55F1010BC17824674 ft=1 fh=c71c00110c148457 vn="a variant of Win32/AdWare.AddLyrics.BB application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\-ViewPassword-soft\ViewPasswordVA174.dll.vir"
sh=6DAF776E124B4CBA50F8D3916406D85A60F370EB ft=1 fh=acdcf8078c777759 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\DDNI\Lenovo Central\BIN\AskInstallChecker-1.1.0.0.exe"
sh=47E1AAB49E4BBE6ED704F804A4B402ACA07D74FE ft=1 fh=d4dd8a748ee934d3 vn="MSIL/Tuguu.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\LTV.exe"
sh=1A7079075C6FCB76253019D9F642B9648705AB9D ft=1 fh=5bcb01b64949eb6f vn="a variant of MSIL/NewPlayer.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\NewPlayer.exe"
sh=9151592DCBBBA22DA88A7D1EB5CB8DCD422C11A8 ft=1 fh=7f79c4a3570c96e6 vn="MSIL/NewPlayer.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe"
sh=5416A12A9D3D9A4BCC4D675EB6013F1881C66616 ft=1 fh=98db3d886a06d0e8 vn="a variant of MSIL/NewPlayer.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\references\NewPlayerChecker.exe"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="a variant of Win32/ELEX.AR potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\SupTab\RSHP.exe"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="a variant of Win64/Thinknice.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\SupTab\SpAPPSv64.dll"
#27
Posted 07 August 2014 - 01:52 PM
The ESET scan is good. All the items have already been taken care of and are in Quarantine; those will go away when we remove the tools we used, as the Quarantine folders get deleted.
What issues remain?
Joe
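A way to sort an ESET Online Scanner log like the one posted in #26 by where each detected file sits, as an added example that is not part of the original thread. Treating the AdwCleaner and OTL folders seen in the log paths as quarantine locations is an assumption of this example; the sample lines are copied from that log.

```python
import re

# Folders the cleanup tools used in this thread move files into, as seen in the
# log paths. Treating them as quarantine locations is this example's assumption.
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\_otl\\movedfiles\\")

# Three header lines and three of the nine detection lines, copied from the log above.
SAMPLE_LOG = r'''# remove_checked=false
# found=9
# cleaned=0
sh=5401AF79ABD9AA85CC8B27099A9AF412F852AF33 ft=1 fh=c71c0011d00751e1 vn="a variant of Win32/AdWare.AddLyrics.BH application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\-ViewPassword-soft\174.dll.vir"
sh=6DAF776E124B4CBA50F8D3916406D85A60F370EB ft=1 fh=acdcf8078c777759 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\DDNI\Lenovo Central\BIN\AskInstallChecker-1.1.0.0.exe"
sh=47E1AAB49E4BBE6ED704F804A4B402ACA07D74FE ft=1 fh=d4dd8a748ee934d3 vn="MSIL/Tuguu.C potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\07232014_124546\C_Program Files (x86)\NewPlayer\LTV.exe"
'''

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key=value fields of one detection line as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def triage(log_text):
    """Split detections into files under a quarantine folder and files still in place."""
    header, quarantined, in_place = {}, [], []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("# "):
            # Header lines are "# key=value"; keep the whole value as text.
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            fields = parse_fields(line)
            # Windows paths are case-insensitive, so compare in lower case.
            is_quarantined = fields["fn"].lower().startswith(QUARANTINE_PREFIXES)
            (quarantined if is_quarantined else in_place).append((fields["vn"], fields["fn"]))
    return header, quarantined, in_place


if __name__ == "__main__":
    header, quarantined, in_place = triage(SAMPLE_LOG)
    print("report-only scan:", header.get("remove_checked") == "false")
    for label, items in (("quarantined", quarantined), ("in place", in_place)):
        for name, path in items:
            print(f"{label:12} {name} -> {path}")
```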
#28
Posted 08 August 2014 - 12:41 PM
Looks like everything is running smoothly and perfectly! Thanks!
Lisa
#29
Posted 09 August 2014 - 08:27 AM
Next
Since your log reports are clean and free of malware, let's clean up after ourselves.
OTL Clean-Up
Right click on the icon on your desktop and choose Run as administrator to open the main window.
Next click on the button.
Once clean up is complete you will be prompted to reboot your computer. Please do so.
This will remove most of the programs we have used including itself.
Next
Double-click on AdwCleaner.exe to run the tool again.
- Click on the Uninstall button.
- Click Yes when asked are you sure you want to uninstall.
- Both AdwCleaner.exe, its folder and all logs will be removed.
If there are any left over tools or logs on your computer please delete them now.
Next
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select Run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button.
You usually get infected because your security settings are too low.
Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:
Safe Computing Practices please read Here
Thanks
Joe