computer start up isn't right...virus?


OK Lou, I need you to go to your Control Panel, in Uninstall Programs/Add Remove, and uninstall all Java except this Java 7 Update 67, along with SpyBot Search & Destroy!! We will install the latest update of Java when we are done cleaning!

 

We need to run an OTL fix!!
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

    * Double-click OTL.exe to start the program.
    * Copy and paste the following code into the custom fix text box of the OTL tool/program! Start with :OTL and include the colon.

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{5E772DF8-7359-481C-AAD2-81FC14F249DB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{ACFE2730-35DD-44CD-ADE0-4DC040AC32C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{ACFE2730-35DD-44CD-ADE0-4DC040AC32C4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{34675275-04C9-4E97-8373-52EBA399F1B0}: "URL" = http://websearch.ask...RJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=43DF1F4C-D5AB-48E2-A571-F77E29575BB0&apn_sauid=C5F124D4-EF49-44B9-8B8B-112766F3BCFB
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS394
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\{C3A23B68-A216-43F7-8407-0FDC14E5F127}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-4107407181-1778811561-918822078-1000\..\SearchScopes\D100148B46634932924051677D2AD1C9: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS394
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2012/10/07 21:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

    * Then click the Run Fix button at the top.
    * Click OK.
    * Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.
 

 

Post that log when you get it, let's hope it will paste!!

 

Thanks

Chuck


Lou, I don't know what's going on but I can't post that log either!

 

I did read through it & the OTL fix did remove all I wrote for it to!

 

So next:

Clean up with OTL


    Right-click OTL.exe and select "Run as administrator" to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.
 

Everything looks clean, how's it running??

Any problems?

 

Chuck


Lou,
Congratulations, you are clean!!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed; these are just recommendations!

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
NoScript
Adblock Plus

 
3. Use and update anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall - Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
 
5. Make sure you keep your Windows OS current, and regularly download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
 
6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice, How to prevent malware.

 

Let me know how it's running? And if any problems exist??

 

If any tools still remain you can delete them!

 

I will have 1 more post if all is running well; it may be a tad slow until it has a few normal reboots!!

 

Chuck
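
The Internet zone settings from step 1 of the post above, as an added example that is not part of the original thread: a PowerShell audit that reads the current user's Internet zone and compares it with the recommended values. The registry path and the URL-action numbers (1001, 1004, 1201, 1800, 1804, 1607) are the standard Internet Explorer ones and are not given in the thread.

```powershell
# Added example, not from the thread: compare the current user's Internet zone
# (zone 3) settings with the values recommended in step 1 above.
# URL-action data: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$recommended = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

function Get-ActionLabel {
    param($Value)
    if ($null -eq $Value) { return 'not set' }
    if ($labels.ContainsKey([int]$Value)) { return $labels[[int]$Value] }
    return "other ($Value)"
}

# A missing key or value is reported as "not set" rather than treated as a match.
$current = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue

$report = foreach ($r in $recommended) {
    $value = if ($current) { $current.($r.Id) } else { $null }
    [pscustomobject]@{
        Action      = $r.Id
        Setting     = $r.Name
        Current     = Get-ActionLabel $value
        Recommended = $labels[$r.Want]
        Matches     = ($null -ne $value -and [int]$value -eq $r.Want)
    }
}

$report | Format-Table -AutoSize -Wrap
```

This reads the per-user values only; settings enforced through Group Policy are stored under the Policies keys and take precedence over them.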


Hi Chuck, it seems to be great! Was there anything to suggest a problem with the start up program? If it continues to have problems now that it is clean, maybe the computer itself is the problem?

 

I have to get back over to mother's computer... please don't deactivate the post in the forum, I will try and get over there in the next few days!

 

Thank you so much again! I am sorry we had such problems with posting, I have no idea why. Do you get that problem with other people?


Lou, you asked about PUPs!!

 

Potentially unwanted programs or PUPs are scattered throughout the Internet, whether a website offering or an inclusion in a freeware download. Like adware and legitimate software programs, PUPs may track (aka spy) surfing habits, collect data and send to a third party, even though some claim to gather non-evasive data. Well, you really cannot prove the collection doesn't infringe on your privacy. PUPs are sometimes called 'greyware' because they fall in a grey area and do not necessarily or upfront pose a security threat. However, if evasive data falls in the wrong hands, it can threaten security of your identity and financial stability. PUPs may negatively impact system performance and destabilize your operating system.


Is this how Amazon knows how to send things to my email that "I may like" because of what I bought previously, or how my FB page shows me adverts according to my buying habits? It's probably all very concerning and as you say, we really have no idea of who knows what about us. How do you actively avoid PUPs?

 

My computer start up did the same thing this morning...it commenced then kind of went to a sleep mode and I had to forcibly shut it down. When I re-attempted, it started up just fine. Could be the computer I think.


Yeah Lou, I'm thinking it's the computer causing that!

Just no way really to stop the PUPs, I just make sure I clean them out every 6 months or so!!

 

Let's try this on the sleep problem, we will just shut it all down, it's not needed anyway!

Go to Control Panel > System & Security > under Power Options choose Change when Computer sleeps > in the Turn off the Display select Never, under Put the computer to sleep select Never, click Save changes!
Try that and see if it helps!!

 

Let me know if this helps!

 

Chuck


Hi Chuck, yes we already have the option changed to "never sleep" as this was a problem that we had previously. The internet is running real quick now thank you! We will clean up regularly from now on.

 

I am over at mother-in-law's tomorrow at some point, so I will begin once again on their clean up! Thank you so much, I appreciate what you do :)

This topic is now closed to further replies.