Infected Laptop

This is a discussion on Infected Laptop within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 05-31-2015, 11:28 PM   #41
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello EPMailman,

You're Welcome. I didn't see the SystemLook log. Please post this log in your next reply.
tekir06 is offline  
 
Old 06-01-2015, 06:01 AM   #42
Registered Member
 
Join Date: Feb 2013
Posts: 31
OS: Windows 7 Home Prem



Greetings Tolga,
Sorry, I thought it was attached. Here it is.
Attached Files
File Type: txt SystemLook.txt (8.1 KB, 19 views)
EPMailman is offline  
Old 06-01-2015, 07:55 AM   #43
Registered Member
 
Join Date: Feb 2013
Posts: 31
OS: Windows 7 Home Prem



Just ran a scan with Malwarebytes and 8 threats were found. Here is the scan.
Attached Files
File Type: txt Lenovoscan8.txt (2.7 KB, 12 views)
EPMailman is offline  
 
Old 06-01-2015, 02:54 PM   #44
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Please follow the instructions below.

Please open Notepad.
Copy/Paste the entire contents of the codebox below into Notepad.
Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\\Windows\\System32\\url.dll,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon]
@="C:\\Windows\\System32\\url.dll,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon]
@="C:\\Windows\\System32\\url.dll,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13966DFB-239C-4456-9490-9CF107B80675}"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13966DFB-239C-4456-9490-9CF107B80675}"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13966DFB-239C-4456-9490-9CF107B80675}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm]
@="htmlfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html]
@="htmlfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml]
@="htmlfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"CRSBRWSHTML"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"CRSBRWSHTML"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht]
@="xhtmlfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds]
"xhtmlfile"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml]
@="xhtmlfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds]
"xhtmlfile"=""

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\CRSBRWSHTML]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared\HTML]
"KnownIDs"="ChromeHTML;FirefoxHTML;"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\CRSBRWSHTML]

Save the file as fix.reg.
Choose Save as type: All Files, then close the Notepad file.
Double-click on fix.reg and choose Yes.
Once you have finished, delete the fix.reg file.

=======================================================

Please re-run FRST64. Double-click to run it. Make sure the Addition.txt button is ticked. Please attach FRST.txt and Addition.txt to your next reply.
tekir06 is offline  
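
A way to review a fix.reg like the one in post #44 before merging it, shown as an added example that is not part of the original post or of any tool named in this thread: it parses the file's text and lists each change as a set or a delete, then picks out the URL handler commands. The function names are hypothetical, and only string values and deletions (the forms used in the post) are parsed; anything else unrecognised is rejected.

```python
import re

# Excerpt of the fix.reg posted above, embedded so the example runs offline.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"CRSBRWSHTML"=-
'''

KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                  # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # @=... or "name"=...

def unescape(s):  # .reg strings escape \ and " with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return (action, key, value_name, data) for every change the file makes."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((';', 'Windows Registry Editor')):
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1):  # leading '-' deletes the whole key
                ops.append(('DELETE_KEY', m.group(2), None, None))
            key = None if m.group(1) else m.group(2)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f'unrecognised line: {raw!r}')  # fail closed
        name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        data = m.group(2)
        if data == '-':
            ops.append(('DELETE_VALUE', key, name, None))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            ops.append(('SET_STRING', key, name, unescape(data[1:-1])))
        else:
            ops.append(('SET_OTHER', key, name, data))  # dword:, hex:, ...
    return ops

def handler_changes(ops):
    """Commands the file registers under ...\\shell\\open\\command keys."""
    return [(k, d) for a, k, _, d in ops
            if a == 'SET_STRING' and k.lower().endswith(r'\shell\open\command')]
```

Calling `parse_reg` on the saved file's text and reading the resulting list shows which keys and values a merge would set or remove before the file is double-clicked.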
Old 06-01-2015, 07:33 PM   #45
Registered Member
 
Join Date: Feb 2013
Posts: 31
OS: Windows 7 Home Prem



Greetings Tolga,
Ran fix.reg, deleted the file. Ran FRST64. The two files are attached.
Ran Malwarebytes and it came back clean. There was a Windows update and the second restart took a long time. The text it gave me was cleaning up.
Attached Files
File Type: txt FRST.txt (62.0 KB, 19 views)
File Type: txt Addition.txt (38.4 KB, 21 views)
EPMailman is offline  
Old 06-02-2015, 12:13 AM   #46
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Quote:
Ran malwarebytes and it came back clean.
Sounds good

Please follow the instructions below and tell me the computer's latest condition. How is the machine behaving?

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST64.exe

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3563656697-2128792284-4278413744-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Task: {54F61705-E2BE-4BB4-A1BD-C267D2DEC3FB} - System32\Tasks\{23718555-9330-4688-86EF-A36A3CDACD72} => pcalua.exe -a E:\ImageViewer.exe -d E:\
Task: {6FE08A1B-CAAA-43DE-B8EA-F103254808D4} - \HDNINSTSCHD No Task File <==== ATTENTION
Task: {7AD4485F-027B-4EC3-8E5F-DD839C1F06B5} - \JEQAT No Task File <==== ATTENTION
Task: {7AD4485F-027B-4EC3-8E5F-DD839C1F06B5} - \JEQAT No Task File <==== ATTENTION
EmptyTemp:
Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
tekir06 is offline  
Old 06-02-2015, 05:57 AM   #47
Registered Member
 
Join Date: Feb 2013
Posts: 31
OS: Windows 7 Home Prem



Greetings Tolga,
The machine is running normally. Firefox and Chrome are running with no problems and no pop-up ads. IE froze up going to Yahoo but recovered. Clicking on links is more robust, no lag as I was experiencing before. Malwarebytes Premium is installed. WOT is an addon on all three browsers. FRST64 was run with your fixlist and the Fixlog.txt is attached. Latest scan came back clean.
Attached Files
File Type: txt Fixlog.txt (3.4 KB, 15 views)
EPMailman is offline  
Old 06-02-2015, 06:10 AM   #48
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello EPMailman,

Sounds good. We're done. I'm glad to help. Please re-read my final speech and re-run Delfix. No need to post the Delfix log.

Please respond to this thread one more time so we can mark this thread as resolved.
tekir06 is offline  
Old 06-02-2015, 10:15 AM   #49
Registered Member
 
Join Date: Feb 2013
Posts: 31
OS: Windows 7 Home Prem



Thank you Tolga,
The process took over one week and you did an amazing job. With your advice and the articles about best practices the laptop should be safer. Enjoy your summer!
EPMailman is offline  
Old 06-02-2015, 10:47 AM   #50
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Steve,
You're welcome. Thank you for your patience and cooperation.
tekir06 is offline  
 

All times are GMT -7.