
Topic: Bugs eating background, background changed to blue with spyware warning ...


ComputerTired

    Topic Starter


    Beginner


    ComputerTired



      ComputerTired



        Quarantined

        Files:    14
        Traces:    164
        Cookies:    21

        ComputerTired


          I'm sorry if all of that seems a bit overwhelming but the attachment was too large to send.

          Hopefully this will send. This is the same as the above, pasted log, I just separated the attachment into two parts. Hopefully this will make things a bit easier.

          Thanks again for all the help thus far. You're totally amazing!!

          [recovering space - attachment deleted by admin]

          ComputerTired


            Here's the second part of the same log, just with the actions included.

            [recovering space - attachment deleted by admin]

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Download Combofix by sUBs from one of the below links.
            (Try all three if necessary)
            Important! Combofix.exe MUST be saved to and run from the Desktop.
            • Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting Combofix.
            • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
              • Click this link to see a list of security programs that should be disabled and how to disable them.
              • If yours is not listed and you don't know how to disable it, please ask.
            • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
            • Double click combofix.exe & follow the prompts.
              • Choose Yes to accept the Disclaimers.
              • When finished, it will produce a log for you.
              • Post that log in your next reply.
              Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall.
              • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
              • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
              CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

              If needed, see this Combofix tutorial with screenshots that will detail the downloading and running of combofix more thoroughly.

              ComputerTired


                Should I disable any of the programs that you informed me to install earlier in this post?

                I just finished disabling my McAfee antivirus protection and firewall.

                evilfantasy

                That should be enough.

                ComputerTired


                  Alright, everything was going fine until the automatic restart that ComboFix did for the scan. The blue screen unfortunately came up, and I was forced to turn the computer off and back on. I did that and the ComboFix command prompt screen thing was up and it said it was preparing the log report. So, I waited and I read in the article that it said it takes a while so be patient.

                  I waited about 2 hours. The article said the time will fix itself and a new screen will pop up saying program is almost finished and it'll also say where the log file is located.

                  That screen didn't appear, but thanks to the article, I was able to locate it in my C drive.

                  Here's the log file. I'm not sure if the ComboFix program finished all of its steps however.


                  THANKS AGAIN FOR THE HELP !!

                  [recovering space - attachment deleted by admin]

                  evilfantasy

                  No it didn't complete but there was enough to do the next step. Hopefully it will complete this time. Combofix should never take more than 20 minutes. If it takes any longer then restart the PC manually.

                  This PC was seriously infected. Hopefully we are getting close to being ahead of the infections.

                  Delete these files/folders, as follows:

                  1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                  It must be Notepad, not Wordpad.
                  • Click Start , then Run
                  • Type notepad.exe in the Run Box.
                  2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                  Code:
                  KillAll::

                  File::
                  C:\Documents and Settings\Brittany Horton\Application Data\fovbs.exe
                  C:\LOG1D6.tmp
                  C:\WINDOWS\SYSTEM32\DhJGdn.syz
                  C:\LOG71.tmp
                  C:\WINDOWS\SYSTEM32\n3RMIj.syz
                  C:\LOG5EC.tmp
                  C:\LOG58F.tmp
                  C:\WINDOWS\SYSTEM32\rEpuD6.syz

                  3. Go to the Notepad window and click Edit > Paste
                  4. Then click File > Save
                  5. Name the file CFScript.txt - Save the file to your Desktop
                  6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                  ComboFix will begin to execute, just follow the prompts.
                  After reboot (in case it asks to reboot), it will produce a log for you.
                  Post that log (Combofix.txt) in your next reply.

                  Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze.

                  ComputerTired


                    The reboot was great. No blue screen.  ;D

                    However, with startup, the program did the same thing. I'm not sure if it finished its steps. It didn't notify me of any log file being produced. I waited about twenty minutes this time and not a full 2 hours  :).

                    So, I checked the C drive again for another log in there. I hope this isn't the same log file.



                    [recovering space - attachment deleted by admin]

                    evilfantasy

                    It's getting most of the way but it isn't showing me the registry entries I need so we will run DSS to get them. This is a fairly quick scan so please be patient and let it finish. Be sure to get both logs posted.

                    Download Deckard's System Scanner (DSS) and save it to your Desktop.
                    • Close all other windows before proceeding.
                    • Double-click on dss.exe and follow the prompts.
                    • When it has finished, dss will open two Notepads: main.txt and extra.txt.
                    • Add the contents of main.txt and extra.txt in your next reply.

                    ComputerTired


                      Here are the logs.

                       :)

                      [recovering space - attachment deleted by admin]

                      evilfantasy

                      Go to add/remove programs and uninstall:

                      Java DB 10.3.1.4
                      Java(TM) SE Development Kit 6 Update 6
                      Viewpoint Media Player

                      ----------

                      Open Hijackthis and select Do a system scan only and place a check mark next to these entries:

                      - R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
                      - R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
                      - R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
                      - O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
                      - O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\3424.EXE
                      - O4 - HKCU\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
                      - O4 - HKCU\..\Policies\Explorer\Run: [shsxpr] C:\WINDOWS\System32\shsxpr.exe
                      - O16 - DPF: {10000000-1000-0000-1000-000000000000} - mhtml:file://C:\ARCHIVE.MHT!http://aseger.info/server.exe
                      - O16 - DPF: {10003000-1000-0000-1000-000000000000} - http://www.ethiotravelandtours.com/kav1.exe
                      - O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://d: oo.mht!http://www.ethiotravelandtours.com/x.chm::/money.exe
                      - O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
                      - O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
                      - O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
                      - O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
                      - O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

                      Important: Close all windows and then click Fix checked.

                      Exit Hijackthis.

                      ----------

                      Delete these files/folders, as follows:

                      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                      It must be Notepad, not Wordpad.
                      • Click Start , then Run
                      • Type notepad.exe in the Run Box.
                      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                      Code:
                      KillAll::

                      File::
                      C:\WINDOWS\SoftwareUpdater.exe
                      C:\Program Files\Internet Explorer\3424.EXE
                      C:\WINDOWS\System32\shsxpr.exe

                      Registry::
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "SoftwareUpdater"=-
                      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
                      "shsxpr"=-
                      [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
                      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
                      [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\2e790fdd-3996-497e-a3ab-29a954949d29]

                      3. Go to the Notepad window and click Edit > Paste
                      4. Then click File > Save
                      5. Name the file CFScript.txt - Save the file to your Desktop
                      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                      ComboFix will begin to execute, just follow the prompts.
                      After reboot (in case it asks to reboot), it will produce a log for you.
                      Post that log (Combofix.txt) in your next reply.

                      Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze.

                      ----------

                      Download ATF Cleaner by Atribune.
                      Note: Vista users must use Run As Administrator
                      • Double-click ATF-Cleaner.exe to run the program.
                        Under Main choose: Select All
                        Click the Empty Selected button.
                      If you use Firefox browser
                      • Click Firefox at the top and choose: Select All
                        Click the Empty Selected button.
                        NOTE: If you would like to keep your saved passwords, please click No at the prompt.
                      If you use Opera browser
                      • Click Opera at the top and choose: Select All
                        Click the Empty Selected button.
                        NOTE: If you would like to keep your saved passwords, please click No at the prompt.
                      Click Exit on the Main menu to close the program.

                      ----------

                      Next post
                      Combofix log



                      How are things now?
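
Added example (not part of the thread or of evilfantasy's instructions): a small Python triage of HijackThis-style R1/O4/O16 lines like those selected in the post above, showing which traits make such entries stand out. The heuristics, the allowlist of expected search hosts and the ExampleTray line are assumptions made for illustration.

```python
import ntpath
import re
from urllib.parse import urlsplit

# Entries copied from the fix list in the post above, plus one constructed
# benign line (ExampleTray) for contrast.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\3424.EXE
O4 - HKCU\..\Policies\Explorer\Run: [shsxpr] C:\WINDOWS\System32\shsxpr.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - http://www.ethiotravelandtours.com/kav1.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
"""

# Assumption: search hosts this (hypothetical) environment expects in IE settings.
EXPECTED_SEARCH_SUFFIXES = ("microsoft.com", "msn.com", "bing.com")

R_RE = re.compile(r"^R[01] - (?P<key>.+?) = (?P<url>\S+)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<sub>[^:]*Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<codebase>.+)$")
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)


def check_search_setting(m):
    """R0/R1: Internet Explorer search/start page values."""
    host = (urlsplit(m["url"]).hostname or "").lower()
    ok = any(host == s or host.endswith("." + s) for s in EXPECTED_SEARCH_SUFFIXES)
    return [] if ok else [f"IE search setting points at unexpected host {host!r}"]


def check_autorun(m):
    """O4: programs started from Run keys."""
    reasons = []
    if "policies\\explorer\\run" in m["sub"].lower():
        reasons.append("autostart via Policies\\Explorer\\Run, a rarely used location")
    exe = EXE_RE.match(m["cmd"])
    if exe:
        path = exe["path"]
        if ntpath.dirname(path).lower() == "c:\\windows":
            reasons.append("executable sits directly in the Windows directory")
        if ntpath.splitext(ntpath.basename(path))[0].isdigit():
            reasons.append("numeric-only file name")
    return reasons


def check_activex(m):
    """O16: ActiveX controls registered under Downloaded Program Files."""
    reasons = []
    codebase = m["codebase"].lower()
    if codebase.startswith("file:"):
        reasons.append("control installed from a local file")
    if "mhtml:" in codebase or codebase.startswith("ms-its:"):
        reasons.append("codebase wrapped in mhtml:/ms-its:")
    if codebase.endswith(".exe"):
        reasons.append("codebase is a bare .exe, not a .cab package")
    if len(set(m["clsid"].replace("-", "").lower())) <= 3:
        reasons.append("placeholder-looking CLSID")
    return reasons


CHECKS = ((R_RE, check_search_setting), (O4_RE, check_autorun), (O16_RE, check_activex))


def triage(log_text):
    """Return [(line, [reasons])] for every entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("- ").strip()  # tolerate a leading "- " bullet
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m:
                reasons = check(m)
                if reasons:
                    findings.append((line, reasons))
                break
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

A flagged line is a prompt for review by someone who knows the machine, not a verdict; shsxpr.exe, for example, is caught only because of where it autostarts from.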





                      ComputerTired


                        Success !!

                        The log for Combofix came!!

                         ;D

                        I'm so excited!!

                        Now let me finish the rest of the instructions ...