Problem with removal of Trojan

Discussion in 'General Software and Applications' started by HonoredShadow, Jul 25, 2013.

  1. HonoredShadow

    HonoredShadow Ancient Guru

    Messages:
    4,326
    Likes Received:
    21
    GPU:
    msi 4090
    Just ran Malware Bytes and it can't remove this:
    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|29920 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msqeuaw.com -> No action taken.

    How could I manually remove this safely?
     
  2. mbk1969

    mbk1969 Ancient Guru

    Messages:
    15,541
    Likes Received:
    13,560
    GPU:
    GF RTX 4070
    Boot from recovery CD, launch command line and remove file. Also you can open registry hive and remove that "29920".

    Edit: You can also burn Kaspersky (or any other antivirus) emergency CD, boot from it and let it clean the rig...
     
  3. Veteran

    Veteran Ancient Guru

    Messages:
    12,094
    Likes Received:
    21
    GPU:
    2xTitan XM@1590Mhz-CH20
    Go into safe mode and run Malwarebytes and you shouldn't have a problem removing it. If that fails, run HijackThis, paste the log into Hijack analyzer, find that regkey and delete manually. :)
     
  4. HonoredShadow

    HonoredShadow Ancient Guru

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 14:42:38, on 25/07/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16635)
    CHROME: 28.0.1500.72

    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    C:\Program Files (x86)\CPKeeper\CPKeeper.exe
    C:\Users\HonoredShadow\AppData\Roaming\Microsoft\Windows\wbemcore.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\corsair\K90 Keyboard\K90Hid.exe
    C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
    C:\Program Files (x86)\corsair\K90 Keyboard\CorsTra.exe
    C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
    C:\Program Files (x86)\Pale Moon\palemoon.exe
    E:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://battlelog.battlefield.com/bf3/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    O4 - HKCU\..\Run: [Google Update] "C:\Users\HonoredShadow\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Color Profile Keeper] C:\Program Files (x86)\CPKeeper\CPKeeper.exe
    O4 - HKCU\..\RunOnce: [Windows Management Instrumentation] C:\Users\HonoredShadow\AppData\Roaming\Microsoft\Windows\wbemcore.exe
    O4 - HKLM\..\Policies\Explorer\Run: [29920] C:\PROGRA~3\LOCALS~1\Temp\msqeuaw.com
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1697299854-723483020-2917721472-1032\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1697299854-723483020-2917721472-1032\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8150 bytes


    Then I ran HijackThis! Log auto analyzer V2:

    Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32fxsresm.dll,-' for key 1
    Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32psbase.dll,-' for key 1
    Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32Locator.exe,-' for key 1
    Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32spoolsv.exe,-' for key 1
    Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32vssvc.exe,-' for key 1
    Could not execute query correctly. : 1062: Duplicate entry '@serviceystemroot%system32wbengine.exe,-' for key 1

    Critical Error! Could not open file connection.

    Still none the wiser! In safemode Malwarebytes could not remove it. I am unsure of how to find this reg.
     
    Last edited: Jul 25, 2013
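
Locating the autostart entry in a HijackThis log like the one posted above can be scripted. The following is an added example, not part of the original thread; the rule names and the "more hits first" ordering are assumptions for triage, and a hit only means the entry deserves a closer look.

```python
import re

# O4 (autostart) lines copied from the HijackThis log posted above, plus one
# O23 line to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [Google Update] "C:\Users\HonoredShadow\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Windows Management Instrumentation] C:\Users\HonoredShadow\AppData\Roaming\Microsoft\Windows\wbemcore.exe
O4 - HKLM\..\Policies\Explorer\Run: [29920] C:\PROGRA~3\LOCALS~1\Temp\msqeuaw.com
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

O4_LINE = re.compile(
    r"^O4 - (?P<hive>[^\\]+)\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
EXE_PATH = re.compile(r"^(.+?\.(?:exe|com|dll|scr|pif|bat|cmd))\b", re.IGNORECASE)

# Hypothetical triage rules (assumptions of this example, not HijackThis output).
REASONS = {
    "temp_dir": "target runs from a Temp directory",
    "short_path": "8.3 short names (~N) obscure the real folder names",
    "odd_ext": "uncommon executable extension for an installed program",
    "numeric_name": "value name is digits only",
    "policy_run": "uses Policies\\Explorer\\Run, normally populated by Group Policy",
    "user_profile": "target lives under a user-writable AppData folder",
}
ODD_EXT = {"com", "scr", "pif", "bat", "cmd"}


def target_path(cmd):
    """Return the executable path from an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        return cmd[1:].split('"', 1)[0]
    m = EXE_PATH.match(cmd)                      # unquoted: cut at the extension
    return m.group(1) if m else cmd


def score(key, name, path):
    """Return the rule codes that an autostart entry trips."""
    parts = path.lower().split("\\")
    hits = []
    if "temp" in parts or "tmp" in parts:
        hits.append("temp_dir")
    if any(re.search(r"~\d", p) for p in parts):
        hits.append("short_path")
    if parts[-1].rsplit(".", 1)[-1] in ODD_EXT:
        hits.append("odd_ext")
    if name.isdigit():
        hits.append("numeric_name")
    if key.lower().endswith("policies\\explorer\\run"):
        hits.append("policy_run")
    if "appdata" in parts:
        hits.append("user_profile")
    return hits


def triage(log_text):
    """Parse O4 lines and return flagged entries, most rule hits first."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue                             # not an autostart (O4) line
        path = target_path(m["cmd"])
        hits = score(m["key"], m["name"], path)
        if hits:
            findings.append({"hive": m["hive"], "key": m["key"],
                             "name": m["name"], "path": path, "reasons": hits})
    return sorted(findings, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["hive"]}\\{f["key"]} [{f["name"]}] -> {f["path"]}')
        for code in f["reasons"]:
            print(f"    - {REASONS[code]}")
```
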

  5. mbk1969

    mbk1969 Ancient Guru

    Code:
    (spoiler) ... (/spoiler) only use square brackets instead round ones
    Don't use safe mode. Use boot from CD/DVD/USB.
     
  6. HonoredShadow

    HonoredShadow Ancient Guru

    But even if I do that I still don't know how to remove it. Hell I can't even find it in Windows let alone DOS command in Windows install!

    I was not that into PCs when I was younger.
     
  7. HonoredShadow

    HonoredShadow Ancient Guru

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|29920 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msqeuaw.com -> No action taken.

    I just went to this in regedit and it won't let me delete it. Does anyone know how I can delete this booting from DVD?

    Will try to Google it.

    Thanks all.

    EDIT: I managed to remove it! Hope it does not come back after computer restart.

    I went into regedit, found it then clicked on it then went into the menu and clicked edit, permissions. I clicked full control and it was gone. I am assuming the other entry (Default) is a windows one in the 'run' part of the registry location above.

    Cheers for all the help guys. Will write back if it comes back after restart. Just running Malware bytes again.
     
    Last edited: Jul 25, 2013
  8. anticupidon

    anticupidon Ancient Guru

    Messages:
    7,878
    Likes Received:
    4,123
    GPU:
    Polaris/Vega/Navi
    Make a bootable USB thumb drive with Bitdefender live with the help of Yumi USB, boot from it and solve this issue.
     
  9. Veteran

    Veteran Ancient Guru

    As I said in another thread, if Malwarebytes fails then run Bitdefender. If that fails you may need to boot into a live environment by using a CD like anticupidon said.

    If it still fails I would just back up and reinstall. The best protection is prevention, i.e. having security software in place to stop any malware getting into the registry or anywhere else.
     
  10. HonoredShadow

    HonoredShadow Ancient Guru

    I use MSE (enough said maybe) and it found nothing. I ran ESTonline scan via the little program (as it's not compatible with FF, PM) and it found one thing but wiped it. 2 trojan horses were picked up by Malware bytes but it could not delete one.

    Have not had any problems for years until now!
     

  11. Phragmeister

    Phragmeister Guest

    Messages:
    1,895
    Likes Received:
    316
    GPU:
    MSI GTX 980 4GB
  12. Pill Monster

    Pill Monster Banned

    Messages:
    25,211
    Likes Received:
    9
    GPU:
    7950 Vapor-X 1100/1500
    Looks like the file has already been deleted.

    Run CCleaner and it should remove the reg entry.....
     
  13. HonoredShadow

    HonoredShadow Ancient Guru

    I ran that program. No problems! Thanks for the link. I noticed in that program there are options under utilities. Not sure if I should use any of those. Reason why I ask is because I used a program called Toolwiz Care that was recommended on this site. Some of the options allow you to 'optimise' your broadband settings in Windows. I feel that maybe, just maybe they have actually slowed things down.

    Take a look at this pic and see what you think of these 'tweaks' and if they need reversing.

    [​IMG]
     
  14. Phragmeister

    Phragmeister Guest

    I've always found the best software to tweak network settings is this - TCP Optimizer
     
  15. Pill Monster

    Pill Monster Banned

    ^Me too....
     

  16. HonoredShadow

    HonoredShadow Ancient Guru

    Does it really make a difference?

    I have tried it in the past but sometimes things seemed slower. Do you just click the optimise settings and be done? Surely Windows 7 does not need such tweaks?

    Maybe I used it wrong.

    EDIT: I know this is a noob question to ask but with my connection I can download up to 1.8 per second. What is that megabytes or bits? Speedtest shows 14.66. I never did find out dohh. Basically I'm asking because of the slider on above program.
     
    Last edited: Jul 29, 2013
  17. PhazeDelta1

    PhazeDelta1 Guest

    Messages:
    15,608
    Likes Received:
    14
    GPU:
    EVGA 1080 FTW
    Me 3 :thumbup:
     
  18. Pill Monster

    Pill Monster Banned

    14.7 Mbps (Megabits)
    1.8 MB/s (Megabytes)
     
  19. HonoredShadow

    HonoredShadow Ancient Guru

    Thanks for that. I used the slider and moved it to 14 then hit optimise. Will this have a good effect on games online?

    Does it affect the browser too? I'm guessing so.
     
