Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Certain files attempting to change my registry


Re: Certain files attempting to change my registry

by Helloeveryone » January 19th, 2014, 2:44 pm

Thought I should mention that COMODO firewall tells me that idle-threads.exe is the parent application of the bcdboots file.
Helloeveryone
Active Member
 
Posts: 9
Joined: January 6th, 2014, 11:29 am

Re: Certain files attempting to change my registry

by nunped » January 20th, 2014, 5:10 am

Hi HelloEveryone,

I can't find clear evidence that those files are malware related. They appear to be part of Microsoft .Net Framework.
When you say that they try to access the registry, what is the specific message you see?
Do you have any other issues?

Meanwhile, let's clean a few entries with OTL:
Step 1 - OTL fix
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Do not include the words "Code: Select all". Press "Select all" to automatically select all the text on the box.
Code: Select all
:commands
[createrestorepoint]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.shareware.pro/?lang=en
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.shareware.pro/?lang=en
O2 - BHO: (no name) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003..\Run: [uTorrent] C:\Users\SL!ghtLY St00p!D\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O15 - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2874987175-3563903751-1789994896-1003\..Trusted Ranges: GD ([http] in Local intranet)
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:files
ipconfig /flushdns /c

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Step 2 - Uninstall Programs
  • Click on Start
  • Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  • Locate the following programs:
    Java(TM) 6 Update 31
    Java(TM) 6 Update 5
    Adobe Reader 8.1.0

    Note: outdated versions of Java and Adobe Reader are vulnerable. You can install the most recent version of Reader when we're done cleaning.
  • Select the program and click on Uninstall to uninstall it.
  • Repeat steps 3 - 4 for each program in the list.
  • Reboot your computer after this.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
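
As an added example (not part of the original post and not OTL's own code), a small Python parser for the fix-script lines posted above: it counts entries per section prefix, collects the CLSIDs flagged "No CLSID value found" and the hive each came from, and lists URLs and alternate data streams, so the script can be reviewed before it is run. The regular expressions are inferred from the lines shown in this thread, and `summarize` and `hive_of` are hypothetical helper names; `HKU\.DEFAULT` is folded into `S-1-5-18` because Windows exposes the same LocalSystem hive under both names.

```python
import re
from collections import defaultdict

# Subset of the fix-script lines from the post above, copied verbatim.
SAMPLE = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.shareware.pro/?lang=en
O2 - BHO: (no name) - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
"""

# Patterns inferred from the lines above (assumption, not an OTL specification).
ENTRY_RE = re.compile(r"^(IE|O\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HIVE_RE = re.compile(r"HKU\\([^\\]+)")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

def hive_of(rest):
    """HKU subkey named on the line; HKU\\.DEFAULT is the same hive as S-1-5-18."""
    m = HIVE_RE.search(rest)
    if not m:
        return "unspecified"
    return "S-1-5-18" if m.group(1).upper() == ".DEFAULT" else m.group(1)

def summarize(text):
    """Return per-section counts, orphaned CLSIDs by hive, URLs and ADS entries."""
    sections, orphans = defaultdict(int), defaultdict(set)
    urls, streams = set(), []
    for line in (l.strip() for l in text.splitlines()):
        ads = ADS_RE.match(line)
        if ads:
            # (host file, stream name, size in bytes)
            streams.append((ads.group(2), ads.group(3), int(ads.group(1))))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # directives such as :OTL or [emptytemp], blank lines
        section, rest = entry.groups()
        sections[section] += 1
        urls.update(re.findall(r"https?://\S+", rest))
        if "No CLSID value found" in rest:
            for clsid in CLSID_RE.findall(rest):
                orphans[clsid.upper()].add(hive_of(rest))
    return {"sections": dict(sections), "orphans": dict(orphans),
            "urls": urls, "streams": streams}
```

On the sample, the four O3 lines reduce to two distinct toolbar CLSIDs in a single hive, which is why the script lists each one twice.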

Re: Certain files attempting to change my registry

by Cypher » January 23rd, 2014, 7:22 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
