Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Startup Menu File Missing, Desktop with no taskbar, icons, or start bu


  • Please log in to reply

#16
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Very few websites use Java these days.  It was just too vulnerable to malware so we are recommending that it be removed.  Of course the malware writers know that so they have switched to Flash

 

Foistware are progams that you get foisted on you that you don't need or want.  When you download the latest adobe Reader they will "offer" you some additional software.  You have to uncheck the box in front of the extra software or you will get stuck with it.  They are pretty sneaky about it too.  It is always the last thing to show up on the download page so if you are in a hurry and hit download without unchecking the boxes because they haven't appeared yet you will get it foisted on you.  Same when you download Java.


  • 0

Advertisements


#17
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SystweakASP] => /verysilent
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SearchProtection] => "C:\Documents and Settings\Wayne\Application Data\Search Protection\SearchProtection.EXE" /autostart
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1343024091-2052111302-1177238915-1003\...\CurrentVersion\Windows: [Run]   <===== ATTENTION
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-06-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 - (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> DefaultScope {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_41_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0A0D0DzzyD0C0AtGtD0ByDtDtG0C0ByEzytGtAzz0F0EtGtAzyyEtC0CtD0EzztAtA0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzz0A0CyE0AzytG0D0CzyzytGyEyB0CyDtG0Azy0EzytG0ByByBtCtC0CyDtCtAtA0E0D2Q&cr=1640802568&ir=
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=242154&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {8FC5C97E-CDC4-4CCF-A7A3-72AB02E95266} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_41_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtCyEtN1L2XzutAtFyDtFtCtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0A0D0DzzyD0C0AtGtD0ByDtDtG0C0ByEzytGtAzz0F0EtGtAzyyEtC0CtD0EzztAtA0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtBzz0A0CyE0AzytG0D0CzyzytGyEyB0CyDtG0Azy0EzytG0ByByBtCtC0CyDtCtAtA0E0D2Q&cr=1640802568&ir=
SearchScopes: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003 -> {E5B4158F-E345-4115-BE5A-4CE6C25171E2} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_secureddownload_14_44_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCzytB0FyDtB0F0A0FyCyCtN0D0Tzu0StCtDtAyBtN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyBtA0FyE0EtDtAyCtGzz0AyEtCtGtD0B0BzztGzz0Fzz0CtGyBtDtB0AtB0B0C0CyBtA0Azy2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szyzzzy0ByBtB0CyCtGyDtD0CtDtGyEyE0EyBtG0ByEtBtBtGzyyEtD0C0A0Dzz0AtA0FtCtD2Q&cr=1234388902&ir=
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2016-05-24] (Yahoo! Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Ask Search Assistant BHO -> {9CB65201-89C4-402c-BA80-02D8C59F9B1D} -> C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-21] (Oracle Corporation)
BHO: Ask Toolbar BHO -> {FE063DB1-4EC0-403e-8DD8-394C54984B2C} -> C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL => No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll [2016-05-24] (Yahoo! Inc.)
Toolbar: HKLM - Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF user.js: detected! => C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\user.js [2014-11-02]
FF SearchPlugin: C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\searchplugins\Astromenda.xml [2014-11-02]
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Wayne\Application Data\Mozilla\Firefox\Profiles\n6jva1re.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2) [2014-08-26] [not signed]
FF HKLM\...\Mozilla Firefox 48.0\Extensions: [Components] - C:\Program Files\Mozilla Firefox\components => not found
FF HKLM\...\Mozilla Firefox 48.0\Extensions: [Plugins] - C:\Program Files\Mozilla Firefox\plugins => not found
S2 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc.)
S3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [107848 2015-05-08] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [239880 2016-05-31] (McAfee, Inc.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 YahooAUService; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392 2008-11-09] (Yahoo! Inc.)
R3 COMSysApp; C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{00157407-506A-43C8-ABED-0F6E896D2261}
2016-08-11 11:27 - 2014-10-10 18:27 - 00000414 _____ C:\WINDOWS\Tasks\At2.job
2016-08-11 08:55 - 2015-09-27 18:48 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-08-11 08:54 - 2015-05-08 12:09 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-11 08:54 - 2014-08-21 19:24 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-08-08 15:00 - 2014-08-21 19:24 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-08-03 00:36 - 2015-09-27 18:48 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-02-07 18:02 - 2016-02-07 18:02 - 0000000 _____ () C:\Program Files\GUM6F.tmp
C:\Windows\Tasks\At2.job
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1343024091-2052111302-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Wayne\Application Data\Dropbox\bin\Dropbox.exe /wiacallback => No File
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Wayne\APPLIC~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\klcp_update.job => CMD /C sc create KLCPU binPath CMD /V /C SET \FILE \ ProgramFiles \ Lite Codec Pack Tools CodecTweakTool exe\\ IF EXIST FILE START \CTT\ FILE /verysilent /update /freq 30 type own type interact net start KLCPU sc delete KLCPU CMD Wayne
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
C:\Documents and Settings\Guest\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Guest\Local Settings\Temp\IadHide4.dll
C:\Documents and Settings\Guest\Local Settings\Temp\NeroSearchTrayHook_{4EC95C7B-3477-4D2D-9610-881E874D417A}.dll
C:\Documents and Settings\Wayne\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Wayne\Local Settings\Temp\IadHide4.dll
2015-09-27 18:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-27 18:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-27 18:46 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service






















 


  • 0

#18
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

Java Removed

Spybot Search and Destroy removed

McAfee removed

Yahoo Toolbar removed


  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP
You post my fixlist.
 
Run FRST and press Fix
A fix log will be generated please post that 

  • 0

#20
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

Running FRST found difficulty in doing a "fix"


  • 0

#21
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

Running FRST found difficulty in doing a "fix". Received message indicating no fix list could be found


  • 0

#22
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

Running FRST found difficulty in doing a "fix". Received message indicating no fix list could be found


  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

The fixlist has to be in the same folder as FRST.  You have FRST in C:\Documents and Settings\Wayne\My Documents\Dropbox\

so that's where the fixlist.txt files needs to be.  


  • 0

#24
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts
Ok
  • 0

#25
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

In order for FRST to pick up notebook should i put FRST and scan results in a specific folder in Dropbox? If so I will run FRST again.


  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

They just have to be in the same folder.  Doesn't matter which.


  • 0

#27
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

There must be something i am doing wrong.  When I run FRST I get a notepad result, but when I try to do a fix I get a message that fixlist cannot be found although it appears in my Dropbox folder.


  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Something odd.  Do you also see the FRST.exe in the same folder?


  • 0

#29
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

Only the notebook version of result and the FRST program itself. no file called FRST.exe


  • 0

#30
waynf

waynf

    Member 1K

  • Topic Starter
  • Member
  • PipPipPipPip
  • 1,057 posts

I did a Windows search and no FRST..exe file found anywhere


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP