Many issues with trojans

Discussion in 'Malware Help (A Specialist Will Reply)' started by victvict, Mar 14, 2013.

  1. victvict

    victvict Private E-2

    Hi,
    I was given this computer by a friend and it seems to have issues. It's a Toshiba laptop, Windows 7, and the antivirus (Avira) has detected trojans and viruses. I ran all the programs that were suggested and I don't seem to be redirected to strange web sites, but my Start button is missing when I'm on the internet so I have to sign off to access any files. The next problem is that I downloaded Combofix, I ran it (without a professional!) and I had problems so I restored the computer to a previous date. I didn't save Combofix to the desktop and now I don't know how to remove it. You may not want to help me! I really feel terrible. I'll post the attachments hoping you'll find some compassion for my stupid behaviour. I do feel badly.
    Thanks, Victoria
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below software. You may not see Strongvault. Don't worry about it. Just continue on.
    DefaultTab Chrome
    DefaultTab
    DriverUpdate
    Java(TM) 7 Update 5
    Strongvault Online Backup

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Please download OTM by Old Timer and save it to your Desktop.
    • Run it by double clicking on it (Note: if using Vista, Win7, or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Users\Dr. Corbin\Desktop\Clean Registry for Free!.lnk
    C:\Users\Dr. Corbin\Desktop\Disk Cleanup (2).lnk
    C:\ProgramData\Norton
    C:\ProgramData\NortonInstaller
    C:\ProgramData\Symantec
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2012
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
    C:\Users\Dr. Corbin\AppData\Local\Strongvault Online Backup
    C:\Program Files (x86)\Strongvault Online Backup
    C:\Program Files (x86)\ARO 2012
    C:\Program Files (x86)\DefaultTab
    C:\Program Files (x86)\DriverUpdate
    C:\Program Files (x86)\File Type Assistant
    C:\Program Files (x86)\MyFunCards_5m
    C:\Program Files (x86)\Norton PC Checkup
    C:\Program Files (x86)\NortonInstaller
    C:\Program Files (x86)\UtilityChest_49
    C:\Windows\tasks\DriverUpdate Startup.job
    C:\Windows\tasks\PC Optimizer Pro64 startups.job
    C:\Users\Dr. Corbin\AppData\Local\Temp\*.*
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58f7b5ca-1162-42e8-8bbc-d543b4edd780}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4b22c87-45ef-4f43-89f2-40db2078864e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da71fd14-5f7b-46ae-b8b1-44074a38f331}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{210f1b36-3b7f-41a4-b5da-3eb87f5a56c2}"=-
    "{cf67755f-9265-449c-87cf-b945519e073b}"=-
     
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AROReminder"=-
    [HKEY_USERS\S-1-5-21-1866183017-3013818119-1993950567-1000\Software\Microsoft\Windows\CurrentVersion\run]
    "AROReminder"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}]
    "Deleted"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
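
Added example, not part of the original post and not OTM's own code: a small Python parser that turns a fix script like the one above into a list of actions, so the scope of a cleanup (processes stopped, paths moved, registry keys and values deleted) can be reviewed before it is pasted into the tool. It assumes only the syntax visible in the script above; the action names and the location labels are chosen for this example.

```python
import re
from collections import Counter

# Shortened excerpt of the fix script posted above; the full text parses the same way.
SAMPLE = r"""
:Processes
explorer.exe
:Files
C:\Program Files (x86)\DefaultTab
C:\Users\Dr. Corbin\AppData\Local\Temp\*.*
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06e05b40-77fa-40b6-9077-ed1a7577b1ef}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"=-
:Commands
[Reboot]
"""

# Labels chosen for this example (an assumption, not OTM terminology).
LOCATIONS = [("browser helper objects", "BHO"), ("currentversion\\run", "autorun"),
             ("internet explorer\\toolbar", "IE toolbar"),
             ("\\uninstall\\", "uninstall entry"), ("searchscopes", "IE search scope")]

def classify(target):
    t = target.lower() + "\\"
    return next((label for needle, label in LOCATIONS if needle in t), "other")

def parse_fix_script(text):
    """Return (section, action, target) tuples for each line that does something."""
    actions, section, key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == "Code:":
            continue
        if line.startswith(":"):                      # section header, e.g. :Files
            section, key = line[1:].lower(), None
        elif section == "processes":
            actions.append((section, "kill", line))
        elif section == "files":
            actions.append((section, "move-wildcard" if "*" in line else "move", line))
        elif section == "reg":
            m = re.fullmatch(r"\[(-?)(.+)\]", line)   # [KEY] selects, [-KEY] deletes
            v = re.fullmatch(r'"(.+)"=-', line)       # "name"=- deletes one value
            if m:
                key = m.group(2)
                if m.group(1):
                    actions.append((section, "delete-key", key))
            elif v and key:
                actions.append((section, "delete-value", key + "\\" + v.group(1)))
        elif section == "commands":
            actions.append((section, "command", line.strip("[]")))
    return actions

def registry_summary(actions):
    """Count registry deletions per location so the scope is visible at a glance."""
    return Counter(classify(t) for s, _, t in actions if s == "reg")
```

Calling `registry_summary(parse_fix_script(SAMPLE))` groups the registry deletions by location, and any `move-wildcard` action marks a path worth a second look before running the script.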
     
