Computer running a bit strangely

Status
Not open for further replies.

Darrenbilly

A few ads are slipping through and pop-ups, it is a bit laggy also. Please check the attached ComboFix, by golly, it's a long one. Hmm, in fact, it's way too big for the forum, I'll try it in two sections.
View attachment 33009
 
One thing I note is that you are starting up into BitTorrent. That gives you a potential for malware. You need to go through the malware cleaning as mentioned.
 
Run HJT with no other programs open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: mysidesearch browser optimizer - {eca8618a-ea15-c310-2d63-44b2337eb022} - C:\WINDOWS\system32\{188e1f62-15ef-cdbd-6dc9-833de67c0ec8}.dll
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

C:\Program Files\Windows Live\Messenger\usnsvc.exe

Please note any other programs that you don't recognize in that list in your next response.

Open SuperAntiSpyware and have it remove:

C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\WINDOWS\SYSTEM32\KMLLM.INI
C:\WINDOWS\SYSTEM32\YBEEG.INI
Do NOT use your System Restore. It is infected. We will drop off the old points when you're clean.

Update the Java to v6u6:
https://www.techspot.com/downloads/6463-java-se.html

Run HijackThis and post new log.
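
An added example, not part of the original post or of HijackThis itself: a small Python parser for the `O2`/`O4`/`O16` line format shown in the list above. As an assumed heuristic for illustration, it flags a BHO whose DLL is a GUID-named file directly under system32, the shape of the mysidesearch entry; the function names are hypothetical.

```python
import re

# Sample lines copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: mysidesearch browser optimizer - {eca8618a-ea15-c310-2d63-44b2337eb022} - C:\WINDOWS\system32\{188e1f62-15ef-cdbd-6dc9-833de67c0ec8}.dll
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "<section> - <kind>: <detail>", e.g. "O2 - BHO: ..." or "O4 - HKLM\..\Run: ..."
LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# O2 detail: "<name> - {CLSID} - <path to DLL>"
BHO = re.compile(rf"^(?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.+)$")
# Assumed heuristic: DLL named after a GUID, sitting directly in system32.
GUID_DLL = re.compile(rf"\\system32\\{GUID}\.dll$", re.IGNORECASE)


def parse(log):
    """Return one dict per recognisable HijackThis entry line."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, log header, running-process list
        section, kind, detail = m.groups()
        entry = {"section": section, "kind": kind, "detail": detail}
        if section == "O2":
            b = BHO.match(detail)
            if b:
                entry.update(b.groupdict())
        entries.append(entry)
    return entries


def guid_named_bhos(entries):
    """O2 entries whose DLL path matches the GUID-in-system32 heuristic."""
    return [e for e in entries
            if e["section"] == "O2" and GUID_DLL.search(e.get("path", ""))]


if __name__ == "__main__":
    for e in guid_named_bhos(parse(SAMPLE_LOG)):
        print("review:", e["name"], e["clsid"], e["path"])
```
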
 
Follow up

View attachment 33081

I removed all of the items in HijackThis.

When I started in safe mode and went to Control Panel > Add/Remove I could not find what you were asking for, so I searched for it and deleted it.

I have the Java update.

These are the programs I'm not too sure about:
Openmg limited patch 4.1-05-13-31-01
Openmg limited secure module 4.1.00
Metaframe presentation server
Web client for win32
Mvision
Microsoft IEAK
Winpcap

Also, how can I arrange the programs in my All Programs list? There are way too many.

Thanks
 
Looks like a leftover from Norton -> run the removal tool

I don't see a firewall ->
Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
Comodo (Vista Compatible)
Kerio
Online Armor
Zonealarm (Vista Compatible)


Please run an online scan to look in more locations and to verify what's been done so far.
Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply

Also attach a new HijackThis log after the above is done.
 
Well, I no longer see the Live Messenger process (usnsvc.exe), that's good. Blind Dragon will take you through the rest of the scans.

I'd like to make a comment for you to keep in mind: you have a lot of game sites on the system. It's not unusual for those types of sites to send a little extra by way of ads and possible bundled spyware. So beware of that.
 
Thanks

Thank you for all of your help bobbye. Blind Dragon, I will do all of those instructions by the end of today hopefully, thanks.
 
Blind Dragon, I appreciate your help. You are able to take users through subsequent cleaning programs after HijackThis, better than I. Thank you. Please continue.

But I did look at the latest log and see C:\Program Files\Windows Live\Messenger\usnsvc.exe is back! I thought you removed this.
 
:eek:

So did I? I removed Windows Live Messenger, which I always use. But it auto reinstalls.

I forgot to mention, I downloaded Comodo Firewall, but it says: "comodo firewall pro is being initialized" and then says: "the network firewall is not functioning properly, please run the diagnostics utility to fix the problem" which I do, but to no avail, please help?
 
?

My internet works fine, just the firewall does not. I will get one of the other ones Blind Dragon suggested. Please look at the attached Ad-Aware log. I did the scan and it found 4 infections. I'm not sure if they are still on here, and one of them mentions Comodo Firewall. Thanks

View attachment 33189
 
:D

OK, I've uninstalled it and run cleaner. Now I'm installing Kerio (Sunbelt Personal Firewall), hopefully it works! In a previous post bobbye said to list any programs I was unsure of. I did, but he did not respond to it. Anyone else able to? Thanks

These are the programs I'm not too sure about:
Openmg limited patch 4.1-05-13-31-01
Openmg limited secure module 4.1.00
Metaframe presentation server
Web client for win32
Mvision
Microsoft IEAK
Winpcap

Also, can you donate to the forum?
 