Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MyCleanPC won't go away [Solved]

Started by Trmahnd725 , Feb 18 2015 10:49 AM

  • This topic is locked This topic is locked

#16
Trmahnd725
Posted 25 February 2015 - 07:51 PM

Trmahnd725

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Got it. Running the processes now. Question - is all of this just for MyCleanPC or was my computer just really screwed up?
  • 0

Advertisements

#17
Trmahnd725
Posted 25 February 2015 - 08:01 PM

Trmahnd725

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Traumahound [Administrator]
Mode : Scan -- Date : 02/25/2015  20:57:04
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] SpotifyWebHelper.exe(3896) -- C:\Users\Traumahound\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-3272152510-108270792-3573528853-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Traumahound\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"  -> Found
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://us.rd.yahoo.c...aults/sp/msgr9/*http://www.yahoo.com  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3272152510-108270792-3573528853-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://us.rd.yahoo.c...aults/sp/msgr9/*http://www.yahoo.com  -> Found
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify :  -> Found
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify :  -> Found
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify :  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1             localhost
 
¤¤¤ Antirootkit : 42 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x8be01e30
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x8be01f10
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x8bdf9a30
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x8bd3ae50
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x8be015d8
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x8be01b80
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x8be012f8
[SSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x8bdf9e78
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x8be016b8
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x8bdf9bc0
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x8bdf7ef0
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x8be01c70
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x8be01d50
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x8bd3a520
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x8bdf7df0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x8be01aa0
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x8bdf9d60
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x8bdf9b00
[SSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x8be018e0
[SSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x8bdf9c90
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x8be014e8
[SSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x8be01fd0
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x8bdf7b40
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x8bdf7c20
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x8be01798
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x8be019c0
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x8bdf7980
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x8bdf9f58
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[335] : Unknown @ 0x8bdf7a60
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x8bdf7d10
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x8bdf7fc0
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x8be013e8
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x8bfab718
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x8be14418
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x8be14338
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x8be144f8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x8be145d8
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x8b44e900
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x8b44e008
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x8b44e9f0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x8e1692c8
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x8bfab808
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] 11a779a9afe9638f690fc22f238d5b06
[BSP] c76b7854869366d011f8060bf0bf5bc0 : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 141441 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 289673216 | Size: 11182 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
ESET Log
 
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}t.sys.vir a variant of Win32/Komodia.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{4df60d2c-927b-478c-83f0-b7dc923bae60}t.sys.vir a variant of Win32/Komodia.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{6b89253f-7097-40c7-9ead-2d5b1ceb02e2}Gt.sys.vir a variant of Win32/Komodia.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}Gt.sys.vir a variant of Win32/Komodia.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gt.sys.vir a variant of Win32/Komodia.A potentially unsafe application
C:\FRST\Quarantine\C\Program Files\USTechSupport\PC Optimizer\USTSPCOCheckUpdate.exe a variant of Win32/Systweak.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files\USTechSupport\PC Optimizer\USTSPCOHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\FoxTabVideoConverter\VideoConverter.exe a variant of Win32/InstallCore.A potentially unwanted application
C:\Users\Traumahound\Downloads\Spotify Download Manager (1).exe a variant of Win32/InstallCore.QW potentially unwanted application
C:\Users\Traumahound\Downloads\Spotify Download Manager.exe a variant of Win32/InstallCore.QW potentially unwanted application
C:\Users\Traumahound\Downloads\spybot_setup.exe a variant of Win32/InstallCore.WX potentially unwanted application
C:\Users\Traumahound\Downloads\TDSSKiller.exe Win32/OutBrowse.BU potentially unwanted application
 

  • 0

#18
LiquidTension
Posted 26 February 2015 - 12:56 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Jonathan, 
 

Question - is all of this just for MyCleanPC or was my computer just really screwed up?

We've removed a lot of adware/PUPs (Potentially Unwanted Programmes), browser hijackers and other undesirable software from your computer. MyCleanPC was not the only software needing removed. 
 
------------
 
Your Anti-Virus (Norton Internet Security) is outdated and possibly corrupt. Is your version of Norton paid-for or free? If paid-for, is the subscription still valid, or do you need to renew? 
 
Would you like to stick with Norton, or switch to an alternative (free or paid-for)?
 
------------
 
Please do the following. 
 
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
CreateRestorePoint:
C:\Program Files\FoxTabVideoConverter
C:\Users\Traumahound\Downloads\Spotify Download Manager (1).exe
C:\Users\Traumahound\Downloads\Spotify Download Manager.exe
C:\Users\Traumahound\Downloads\spybot_setup.exe
C:\Users\Traumahound\Downloads\TDSSKiller.exe
Toolbar: HKU\S-1-5-21-3272152510-108270792-3573528853-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

  • 0

#19
Trmahnd725
Posted 26 February 2015 - 01:04 PM

Trmahnd725

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I'd like to switch out a good quality free version is you know of one. A lot of the bad stuff was from where i downloaded programs and chose the "recommended" installation method. I've since learned not to do it that way and why but the damage was already done
  • 0

#20
LiquidTension
Posted 26 February 2015 - 06:06 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello, 
 
The only only free Anti-Virus software I recommend are the following:

However...
Whilst Microsoft Security Essentials (MSE) is extremely lightweight and simple to use, the programme has been critisied for its detection ratio.
avast! bundles unnecessary software and add-ons. 
 
Out of the two, I would go with avast!, but ensure you carefully read each page during the installation. I recommend unchecking the installation of add-ons such as "Grime Fighter" and "Software Updater".
 
---------
 
Before installing your Anti-Virus of choice, please ensure you use Revo to uninstall Norton Internet Security
Best practice is to also download and save the Anti-Virus setup file to your Desktop before uninstalling your current Anti-Virus. Once uninstalled, use the setup file to install your new Anti-Virus. 
 
---------
 
At the end of this process I will provide recommended reading material and supplementary programmes that will help reduce the risk of reinfection. An Anti-Virus alone is not enough to protect you from today's threat; knowledge and a layered security solution are necessary nowadays.
 
Let me know when you've sorted the Anti-Virus, and we will move onto the final stages - updating vulnerable software and removing the tools we've used.


  • 0

#21
Trmahnd725
Posted 26 February 2015 - 06:15 PM

Trmahnd725

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
My Norton is out of date. Will it still let me download the updated list... for free?
  • 0

#22
LiquidTension
Posted 26 February 2015 - 06:23 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

You must only have one Anti-Virus installed at any time. 

As you want to replace Norton, the programme must be uninstalled. It doesn't matter if the programme is out of date; it can still be uninstalled. 

 

Pick between MSE and avast!. You can't have both - only one. Download the setup file of your choice and save the file to your Desktop. 

Open Revo and uninstall Norton Internet Security. 

Open the Anti-Virus setup file saved to your Desktop, and follow the prompts to install the programme. 

 

------------

 

Norton Internet Security is a subscription based programme. In order to use the programme, yearly payments are required. If you wish to use Norton, you will need to renew your subscription. 


  • 0

#23
Trmahnd725
Posted 27 February 2015 - 08:34 AM

Trmahnd725

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I am working on the avast! install. This seems like a dumb question but do i uncheck all of the add ons or just software updater and grine fighter. There are 7 others.
  • 0

#24
LiquidTension
Posted 27 February 2015 - 01:53 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello, 

 

Ultimately, the decision is yours.

But I would recommend unchecking the Software Updater, Grime Fighter and Browser Cleanup.


  • 0

#25
Trmahnd725
Posted 27 February 2015 - 02:53 PM

Trmahnd725

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

avast is installed and everything seems to be doing well


  • 0

Advertisements

#26
LiquidTension
Posted 27 February 2015 - 04:57 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

avast is installed and everything seems to be doing well

Good job. 
 
Don't forget to run the FRST Script from Post #18 if you've yet to do so. 
 
------------
 
Our last job before finishing up is to update your vulnerable software to reduce the risk of reinfection. 
 
STEP 1
CXrghb6.png Update Outdated Software
Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
EtQetiM.png Remove Outdated Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Reader 9.5.5
    • HiJackThis
    • HijackThis 2.0.2
    • Java 7 Update 55
    • Java™ 6 Update 7
  • Follow the prompts, and reboot if necessary.
     

STEP 3
zANS9oB.png Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the 29Fou9c.jpg Windows Start Button  and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the AVOiBNU.jpg Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
oxliOQk.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

  • 0

#27
Trmahnd725
Posted 28 February 2015 - 06:02 PM

Trmahnd725

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

I ran the FRST script earleir as directed.  Do I need to do it again?


  • 0

#28
LiquidTension
Posted 28 February 2015 - 06:13 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts
Nope, I was just checking. If you already have, that's fine.
  • 0

#29
Trmahnd725
Posted 28 February 2015 - 06:15 PM

Trmahnd725

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
One more question while I'm updating these software items. I tried to update adobe flash player and it said that Google Chrome already has adobe flash player and keeps it up to date. Do i install the plug in anyway?
  • 0

#30
LiquidTension
Posted 28 February 2015 - 06:55 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello, 

 

If Chrome is the only browser you use, I suggest uninstalling Adobe Flash Player. 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP