malware ? frst attached. computer grinds to a halt not sure if still


#31
Essexboy

Could you attach or post the logs generated please

#32
Marcus1122

took a long time to run

#33
Essexboy

After the reboot from this could you let me know of any change

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Winlogon: [Shell] C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\zh_CN.lproj\cable_tv\a_weighted_db_levels.exe,explorer.exe <==== ATTENTION
CHR Extension: (No Name) - C:\Users\ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-05]
S4 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-12-03] (Coupons.com Inc.)
S4 PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [86016 2010-09-13] (PC Pitstop LLC) [File not signed]
2015-04-01 14:36 - 2015-04-01 14:36 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d06caad5100d89.job
2015-03-31 15:47 - 2015-04-02 13:13 - 00000000 ___HD () C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}
2015-03-23 10:31 - 2015-03-27 10:43 - 00000000 ____D () C:\ProgramData\xkbhv
2015-03-19 13:18 - 2015-03-19 13:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-03-19 13:18 - 2015-03-19 13:18 - 00000000 ____D () C:\Program Files\Coupons
Task: {FA37036E-087E-4DEF-8EB3-9FBDA8C3C529} - System32\Tasks\{DF1DE8C6-073B-4FEB-9F21-FC71E50E3B4A} => pcalua.exe -a D:\setup.EXE -d D:\ -c /AUTORUN
AlternateDataStreams: C:\ProgramData\TEMP:19F60666
AlternateDataStreams: C:\Users\ron\Local Settings:init
AlternateDataStreams: C:\Users\ron\Desktop\Webx1669.mp4:TOC.WMV
AlternateDataStreams: C:\Users\ron\Desktop\Wild_KittyCat.07.09.13.mp4:TOC.WMV
AlternateDataStreams: C:\Users\ron\AppData\Local:init
AlternateDataStreams: C:\Users\ron\AppData\Local\Application Data:init
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that
  • 0
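
Added example (not part of the original thread and not FRST's own code): a small Python triage of two line types from the fixlist above, the Winlogon Shell entry marked ATTENTION and the AlternateDataStreams entries. The function names and the allow-list of shell values are assumptions of this example; the sample lines are copied from the post.

```python
# Added example: triage of FRST-style log lines (assumed line layout as posted).
ALLOWED_SHELL = {"explorer.exe", r"c:\windows\explorer.exe"}  # stock shell value
SHELL_MARK = "Winlogon: [Shell] "
ADS_MARK = "AlternateDataStreams: "

# Lines copied from the fixlist posted in this thread.
SAMPLE_LINES = [
    (r"HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Winlogon: [Shell] "
     r"C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources"
     r"\zh_CN.lproj\cable_tv\a_weighted_db_levels.exe,explorer.exe <==== ATTENTION"),
    r"AlternateDataStreams: C:\ProgramData\TEMP:19F60666",
    r"AlternateDataStreams: C:\Users\ron\Desktop\Webx1669.mp4:TOC.WMV",
    (r"S4 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe "
     r"[154096 2014-12-03] (Coupons.com Inc.)"),
]


def extra_shell_entries(line):
    """Return Shell entries that are not the stock explorer.exe value."""
    if SHELL_MARK not in line:
        return []
    # Drop the trailing "<==== ATTENTION" marker, then split the comma list.
    value = line.split(SHELL_MARK, 1)[1].split("<==", 1)[0]
    entries = [e.strip().strip('"') for e in value.split(",")]
    # Compare the full value, so C:\Temp\explorer.exe is still reported.
    return [e for e in entries if e and e.lower() not in ALLOWED_SHELL]


def parse_ads(line):
    """Split an AlternateDataStreams line into (file_path, stream_name)."""
    if not line.startswith(ADS_MARK):
        return None
    path, sep, stream = line[len(ADS_MARK):].strip().rpartition(":")
    # A one-character "path" means the only colon was the drive letter's.
    if not sep or len(path) <= 1 or not stream:
        return None
    return path, stream


def triage(lines):
    """Return (kind, path, stream) findings for shell and ADS lines."""
    findings = []
    for line in lines:
        findings += [("shell", e, "") for e in extra_shell_entries(line)]
        ads = parse_ads(line)
        if ads:
            findings.append(("ads", ads[0], ads[1]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```
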

#34
Marcus1122

To make clear, I have Rufus, first on driver then copied to desktop.

I'm to run rufus on desktop?

Thx

#35
Marcus1122

Select the ISO file on the desktop via the ISO icon.

Am I supposed to check the rufus icon or frst icon?

Thx

#36
Essexboy

That's right, have both the ISO file and Rufus on the desktop
Then start Rufus and use the ISO icon to select the ISO file for burning

#37
Marcus1122

I'm guessing the drive icon?

#38
Essexboy

RufusISO.JPG

The icon in green

#39
Marcus1122

Green?

So it should say iso image and show the picture of the disk?

#40
Marcus1122

Iso file on desktop?

#41
Marcus1122

Ok my rufus program looks like the pics u sent but there is no info in the bottom green box

#42
Essexboy

That will appear once you select the ISO file on the desktop

#43
Marcus1122

WHICH ICON ON DESKTOP?

The rufus icon? Please be specific

#44
Essexboy

The Vista ISO that you downloaded

Click on Rufus the ISO image
This will open an explorer window
Navigate to the Vista ISO that is on your desktop and click that
Rufus will then burn that to the USB when you press start

#45
Marcus1122

Totally different from any instructions u posted before.

Let me go thru and see if I can figure out.

If not. Is better to run frst in safe or normal mode?

Thx