Sweetpotato

possible malware?


OK. I'll get back when it finishes. Thanks.

Just wanted to let you know that I am able to access my control panel in safe mode now.

Edited by Sweetpotato


Finish running the other tools suggested. If it still doesn't work after running those, try this:

The download below will allow you to restore the Windows 7 default registry entries and program associations of the selected file extension type.

http://www.sevenforums.com/attachments/tutorials/271372d1370545116-default-file-type-associations-restore-default_cpl.reg

Save the .reg file to your desktop.

Right click on the downloaded .reg file, and click on Merge.

NOTE: If you wish to see what changes will be made by the REG file, then you can right click on the extracted REG file and click on Edit to see the default registry entries that will be added. REG files are just text files. The "Edit" function just opens them in Notepad.

If you do not see a Merge option when you right click on the REG file, then you will need to check in Default Programs to set the .reg file extension to have its Current Default program set as Registry Editor (C:\Windows\regedit.exe). Afterwards, try merging the REG file again.

If prompted, click on Run, Yes (UAC), Yes, and OK.

When finished, you can delete the downloaded .zip or .reg files on the desktop if you like.

Log off and log on, or restart the computer to apply.
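The post's note that a REG file is just text you can read before merging is worth taking literally: a .reg file merged as administrator can add autostart values or delete keys just as easily as it restores an association. The script below is an added example (not the file linked above and not a tool from this thread): it parses the .reg format that regedit's Merge consumes, lists every key and value the file would create or delete, and flags values that deserve a second look. `SAMPLE_REG` is constructed for the example, modelled on a "restore .cpl defaults" file and padded with one autostart entry so the review step has something to report; `parse_reg` and `review` are names chosen here.

```python
"""Preview what a .reg file would change before merging it.

Added example, not the file linked in the post or any tool from the thread.
A .reg file is plain text, so the changes it would make can be listed and
sanity-checked before regedit's Merge applies them.
"""
import re
from typing import List, Tuple

# (action, key, value_name, value); value_name/value are empty for key actions
Op = Tuple[str, str, str, str]

# Constructed sample input: modelled on a "restore .cpl defaults" file, plus a
# deleted per-user override and one autostart value to exercise the review step.
# It is NOT the file from sevenforums.com.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; restore the default Control Panel item (.cpl) association
[HKEY_CLASSES_ROOT\.cpl]
@="cplfile"

[HKEY_CLASSES_ROOT\cplfile\shell\cplopen\command]
@="rundll32.exe shell32.dll,Control_RunDLL \"%1\",%*"
"EditFlags"=dword:00000000

[-HKEY_CURRENT_USER\Software\Classes\.cpl]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\Public\\updater.exe"
'''

# "Name"=... (with .reg escaping inside the name) or @=... for the default value
_VALUE_RE = re.compile(r'^(?:(@)|"((?:[^"\\]|\\.)*)")\s*=\s*(.*)$')
_AUTOSTART_RE = re.compile(r'\\CurrentVersion\\(Run|RunOnce|RunServices)$', re.I)
_USER_WRITABLE_RE = re.compile(r'\\(Users|ProgramData|Temp)\\', re.I)


def _unescape(s: str) -> str:
    """Undo .reg string escaping (doubled backslashes, escaped quotes)."""
    return re.sub(r'\\(.)', r'\1', s)


def _logical_lines(text: str):
    """Join hex values that continue onto the next line with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_reg(text: str) -> List[Op]:
    """Return the ordered list of operations a .reg file would perform."""
    text = text.lstrip("\ufeff")          # regedit exports carry a BOM
    lines = list(_logical_lines(text))
    if not lines or not lines[0].startswith("Windows Registry Editor Version"):
        raise ValueError("missing 'Windows Registry Editor Version' header")
    ops: List[Op] = []
    key = None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):       # [-Key] deletes the whole key
                key = None
                ops.append(("delete_key", body[1:], "", ""))
            else:
                key = body
                ops.append(("add_key", key, "", ""))
            continue
        m = _VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparsable line: {line!r}")
        name = "(Default)" if m.group(1) else _unescape(m.group(2))
        rhs = m.group(3).strip()
        if rhs == "-":                     # "Name"=- deletes the value
            ops.append(("delete_value", key, name, ""))
        elif len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            ops.append(("set_value", key, name, _unescape(rhs[1:-1])))
        else:
            ops.append(("set_value", key, name, rhs))   # dword:/hex: kept as written
    return ops


def review(ops: List[Op]) -> List[Tuple[str, str, str, str]]:
    """Flag values worth a second look before merging: anything written under an
    autostart key, and any command that points into a user-writable directory."""
    findings = []
    for action, key, name, value in ops:
        if action != "set_value":
            continue
        if _AUTOSTART_RE.search(key):
            findings.append(("autostart value", key, name, value))
        if _USER_WRITABLE_RE.search(value):
            findings.append(("user-writable path", key, name, value))
    return findings


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    for op in parsed:
        print(op)
    for finding in review(parsed):
        print("REVIEW:", finding)
```

Run it against a downloaded .reg file instead of `SAMPLE_REG` and the output is the same list Notepad would show you, minus the squinting: on the constructed sample the .cpl association lines pass quietly and only the `Updater` value under `CurrentVersion\Run`, pointing into `C:\Users\Public`, is reported.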


Just finished and still the same. Will do the rest. It is still the same. Do you think I should go into safe mode to get rid of IObit and Kaspersky? Also, just a question if OK, why is it or has it been so difficult to remove a program like Kaspersky?

Edited by Sweetpotato


 

Do you think I should go into safe mode to get rid of IObit and Kaspersky? Also, just a question if OK, why is it or has it been so difficult to remove a program like Kaspersky?

All I can think of is embedded services, registry keys, and drivers.

Yes, it's worth a try to boot into safe mode and see if you can get out what remains.

I'll have to check back in the morning.


How did it go today?

What steps were you able to complete? Were there error messages?


I was able to get rid of Kaspersky and the IObit programs, but I still can't access my Control Panel in regular startup mode.

Edited by Sweetpotato


Follow the below steps to perform an SFC scan:

a. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

b. Type the following command, and then press ENTER:

sfc /scannow

A message will appear stating that 'The system scan will begin'. Be patient because the scan may take some time.

c. If any files require a replace, SFC will replace them. You may be asked to insert your Win7 DVD for this process to continue.

d. If everything is okay you should, after the scan, see the following message: "Windows resource protection did not find any integrity violations".

e. After the scan has completed, close the command prompt window, restart the computer and check.

Check the below mentioned link for further guidance on the SFC scan: http://support.microsoft.com/kb/929833

Method 2:

I would suggest you check in a clean boot state. To perform the clean boot, follow step 1 mentioned in the below article and then try opening the file in this clean boot state: http://support.microsoft.com/kb/929135

After you have finished troubleshooting, follow these steps to reset the computer to start as usual:

a. Click Start, type msconfig.exe in the Start Search box, and then press ENTER.

If you are prompted for an administrator password or for confirmation, type your password, or click Continue.

b. On the General tab, click the Normal Startup option, and then click OK.

c. When you are prompted to restart the computer, click Restart.

Hope this helps.


Did all the steps above and am still having the same problem. Do you think that I should also go to Services and set everything there to run as well? At the bottom of the computer, it also states that the Intel RST service is not running.

Edited by Sweetpotato


Was there something you disabled in startups, through msconfig?


Go here to download HJT:

http://www.bleepingcomputer.com/download/hijackthis/

  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon, then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


Try this:

a. Press Windows + R.

b. In the run box type ‘Services.msc’.

c. Right click on the Intel Rapid Storage Technology service and click on Start.


I disabled some programs a while back, but it was before any of this started. Was just wondering if by chance it would do something. Probably just grasping at straws. Thanks. I'll try the HJT and post back.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:23:11 PM, on 1/12/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17496)

Boot mode: Normal


Running processes:

C:\Users\Ginny\AppData\Local\FluxSoftware\Flux\flux.exe

C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Users\Ginny\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll

O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll

O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [f.lux] "C:\Users\Ginny\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto

O4 - Startup: Dropbox.lnk = Ginny\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe

O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe

O8 - Extra context menu item: LastPass - file://C:\Users\Ginny\AppData\LocalLow\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Ginny\AppData\LocalLow\LastPass\context.html?cmd=fillforms

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll

O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--

End of file - 11107 bytes


O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto

is still listed.

Open HijackThis, click Do a system scan only, and checkmark these. Then close all other windows and browsers except HijackThis and press Fix checked.

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

If an item needs to be placed back in startups we will use MSCONFIG to reverse.

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto

O4 - Startup: Dropbox.lnk = Ginny\AppData\Roaming\Dropbox\bin\Dropbox.exe

Reboot your machine and let me know how things are now.
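What the helper did above, spotting that the IObit tray entry was still in the O4 list after the product was supposedly uninstalled, is the kind of check that is easy to automate on a log this size. The script below is an added example, not part of the thread and not HijackThis's own code: it parses the O4 (autostart) and O23 (service) line formats visible in the posted log, searches them for a leftover product name, and groups the entries a reviewer would look at first, autostarts launched from user-profile paths and services whose binary HJT marks "(file missing)". The sample lines in `SAMPLE_LOG` are copied from the log posted earlier in this thread; `parse_hjt`, `find` and `triage` are names chosen here. Note that the full log above carries the "(file missing)" marker on many stock Windows services, so that group is a list to review, not a verdict.

```python
"""Triage a HijackThis log without clicking through it by hand.

Added example, not part of the thread and not HijackThis's own code. Parses
the O4 (autostart) and O23 (service) lines, records where each autostart
binary lives, and finds entries that should already have been removed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: eight lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\Ginny\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - Startup: Dropbox.lnk = Ginny\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
"""

_RUN_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$')
_STARTUP_RE = re.compile(r'^O4 - (Global Startup|Startup): (.+?) = (.*)$')
_SERVICE_RE = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.*?)( \(file missing\))?$')


@dataclass
class Entry:
    kind: str          # "run", "startup" or "service"
    source: str        # HKLM/HKCU, which Startup folder, or the service owner
    name: str
    path: str
    args: str = ""
    file_missing: bool = False


def split_command(cmd: str):
    """Separate the executable from its arguments in an O4 command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                       # quoted path, args follow the quote
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(?i)(.*?\.exe)\s*(.*)$', cmd)  # unquoted: path ends at .exe
    return (m.group(1), m.group(2)) if m else (cmd, "")


def location(path: str) -> str:
    """Coarse classification of where an autostart binary lives."""
    p = path.lower()
    if "\\program files" in p:
        return "program files"
    if p.startswith("c:\\windows\\") or "\\windows\\" in p:
        return "windows"
    if "\\users\\" in p or "appdata\\" in p:
        return "user profile"
    return "other"


def parse_hjt(text: str) -> List[Entry]:
    """Turn O4 and O23 lines into Entry records; other sections are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _RUN_RE.match(line)
        if m:
            exe, args = split_command(m.group(3))
            entries.append(Entry("run", m.group(1), m.group(2), exe, args))
            continue
        m = _STARTUP_RE.match(line)
        if m:
            exe, args = split_command(m.group(3))
            entries.append(Entry("startup", m.group(1), m.group(2), exe, args))
            continue
        m = _SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m.group(2), m.group(1), m.group(3),
                                 file_missing=m.group(4) is not None))
    return entries


def find(entries: List[Entry], needle: str) -> List[Entry]:
    """Case-insensitive search of names and paths, e.g. for a leftover product."""
    n = needle.lower()
    return [e for e in entries if n in e.name.lower() or n in e.path.lower()]


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Autostarts run from user-writable profile paths, and services whose
    binary is gone (HJT's "(file missing)"), grouped for a reviewer."""
    return {
        "user_profile_autoruns": [e.name for e in entries
                                  if e.kind != "service" and location(e.path) == "user profile"],
        "missing_service_binaries": [e.name for e in entries
                                     if e.kind == "service" and e.file_missing],
    }


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for leftover in find(parsed, "Advanced SystemCare"):
        print("still listed:", leftover)
    print(triage(parsed))
```

Paste a whole HJT log into `SAMPLE_LOG` (or read it from the file HijackThis saved) and `find(parsed, "IObit")` answers the "is it still listed?" question in one call; `triage` then separates entries that load from a user profile, where anything can be written without administrator rights, from the rest, which is the split a reviewer wants before deciding what to fix.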


Things boot a bit faster now but I still have that trouble with Windows Explorer. My firewall is off, but I see that Windows Update is fine now.


Do you have any updates listed as critical or important?

Let's check and see if you have this Windows update:

KB 3004394

Go to the start bar.

Click on All Programs.

Windows Update.

View update history; if it will allow you, look at the top where it says Uninstall an update.

Check for KB3004394; if you see it, I think you right click on that and remove it.

Sweetpotato, thank you for all your patience in trying to resolve these issues, but we may be at the end of what can be done.

I want you to read over the link below, because this is probably where we are at now.

http://www.sevenforums.com/tutorials/3413-repair-install.html


I didn't have that update. I will read that link that you gave me and then respond. I know it might be getting late for you, and I thank you so much for your time.


I'm only able to reply by cell phone right now but, SweetPotato, IF you and Juliet have all the nasties cleaned out, then the link for a repair install given by Juliet is the way to go. HOWEVER, the system has to be clean first. Follow the guidelines in that link and you'll be alright.

:geezer:


Thank you. It's going to be a few days or more before I can read everything and tackle the job. I think I've done some similar things before but have to say I am always scared before I make the leap in. I will definitely give an update either way. I think I have the disks from before. Have to find them. Thank you all for the help. :)


OK, I did this this morning and so far everything is working well. I have a few more things to look into and get back. Thank you.

This topic is now closed to further replies.